Diversification, backup planning come to the fore


BY PATRICK THIBODEAU 
WASHINGTON 


The contingency planning that manager Barry Brunetto developed for his company, Blount International Inc., covers a lot of scenarios, including failed circuits and earthquakes. But he never imagined that a company of WorldCom Inc.’s stature could be a disaster, and Brunetto is now looking for a safety net for his data services. He’s not alone.

Brunetto, the Portland, Ore.-based director of information systems at the sporting goods and power equipment maker, thought he had a viable business-contingency protection strategy in place: restricting business agreements to “Tier companies the most reliable ones. That was then.

“One the reasons deal 
with Tier vendors the sta- 
WorldCom, page 


biggest 
bang from 
your secu- 
rity buck. 


WAR TERROR 


AIDS MARKET 


Vendors vie for piece of homeland security pie
DAN VERTON
The war on terrorism is fueling a much-needed economic boost to the market, according to analysts and corporate executives. And slump-weary vendors are scrambling for a piece of the action.

Of the $38 billion earmarked for homeland security in the Bush administration’s fiscal 2003 budget proposal, much


The Security 


Futurists predict federal 
security audits and “security 
malpractice” lawsuits. 


ste should exclusive survey rogue 
wireless LAN access points. 

take now 
improve corporate security, trade. 

networks. 


STORIES BEGIN PAGE 23. 


$6.5 billion could be spent on new programs, estimated John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc.

The potential windfall has many traditional companies expanding their offerings from strictly commercial applications to encompass homeland security.

The Bush administration’s focus on using the nation’s brain trust to tackle homeland security has attracted a wide range of mainstream companies, such as American Management Systems Inc., IBM, MicroStrategy, Oracle Corp., Symbol Technologies


War Terror, page 
NEWS


Southwest Airlines navigates 
turbulent post-Sept. travel mar- 
ket with the help business intel- 
ligence software. 


Novell’s road map for directory 
services spotlights plan extend 
identity management Web ser- 
vices technologies. 


Oracle goes head head with 
Microsoft the messaging market, 
unveiling collaboration software 
with links Oracle9i databases. 


Microsoft customers gain 
ally contract negotiations with 
the vendor. 


night sensation, because software 
that takes advantage its 64-bit 
technology hard find. 


2-D bar code readers may 
required equipment for businesses 
that want scan driver’s licenses. 


OPINIONS 

Maryfran 
How Contact 
Company 


The Importance ROI 


How critical are ROI analyses your 
work? Check out inquiry 
our online discussion forum. 
QuickLink: a2320 


QuickLink? 


some pages this issue, you'll see 
QuickLink code pointing addi- 
tional, related content our Web 
site. Just enter that code into our 
QuickLink box online, which you'll 
see the top each page our site. 


BREAKING NEWS 


For breaking news, updated twice daily, visit: 


QuickLink: a1510 
www.computerworld.com 
The Security


Action Plan 

NOTE: Today’s security crisis is every bit as big as the Y2k problem, except that it doesn’t have an immovable deadline. This special report provides a to-do list that ranges from managing patches and assembling an incident response team to securing wireless LANs.


The Story So Far A fast-paced history of security and disaster recovery, in which our heroes battle against trapdoors, the Morris worm, Russian hackers, power outages and even earthquakes and hurricanes.


ROI: Like every other kind 
investment, security proj- 
ects must demonstrate their 

business value. Here’s step- 
by-step guide cutting costs 


Manage Those 
New security software is making it easier to distribute and test patches. But finding a fast and reliable way to identify new patches and prioritize installation remains elusive and costly for companies.

ONLINE: When comes complete product for patch 
management, single vendor meets all the 
needs most buyers. QuickLink: 30913 


Build Response Team A computer incident response team’s mission is to orchestrate a speedy and organized companywide response to a threat. While the goals of most CIRTs are the same, there are different approaches to assembling the team.


IBM EXEC TALKS ABOUT 
HOT SECURITY TRENDS 


The security head IBM Global 
Services describes services de- 
mand, the future biometrics and 
IBM’s work intelligence sharing. 
QuickLink: 31111 


QuickLink: 31185 


and getting the greatest returns. 


SECURITY 
CASE STUDIES 


How managers deal with chal- 
lenges such recovering from 
laptop crashes and monitoring all 
those security sensors. 


Let the Pros Investigate Forensics is a specialized discipline that’s fast becoming mandatory for companies that need to show that computer crimes don’t go unsolved or unpunished.

ONLINE: Assisting a forensics investigation can be a complicated business, but there are resources available to help. QuickLink: 30849


Watch Out for Wireless Rogues Enterprise managers need to develop comprehensive wireless LAN management policies in order to battle the proliferation of rogue access points.

ONLINE: Three products for detecting unauthorized access points on wireless LANs. QuickLink: 30856


Put Your Eggs 

Different Baskets Learn about 
four approaches that major compa- 
nies are using quickly recover 
even seamlessly continue doing 
business when disaster strikes. 
ONLINE: Before particular system 
goes down, determine the impact will have people, 
technology and processes. QuickLink: 30853 


40 QuickStudy: Denial-of-service attacks are an old problem, but a few new twists make them even nastier.


Opinion: The way to thwart cyberterrorists is to stay one step ahead of them in finding vulnerabilities, says columnist Nicholas Petreley.


Field Report: Virtual private networks are useful security tools that have gained a reputation for being difficult to implement and manage. But today’s VPN offerings go a long way toward ease of use.


Careers: A roundup of skills, training and salary information for security professionals.
ONLINE: One security engineer offers his tips for staying a step ahead of the hacker community. QuickLink: 30925


The Next Chapter Pundits predict the rise of “security malpractice” lawsuits, federal security audits and sluggish growth for smart cards.


INTRUSION-DETECTION SYSTEMS EVOLVE


The intrusion-detection systems of the future are likely to be hybrids of signature-based and anomaly-based technologies.
QuickLink: 31186 
DEADLINE


Rejects 


NetScreen Technologies Inc., a Sunnyvale, Calif.-based company that makes firewall and virtual private network hardware and software, announced last week that Microsoft Corp.’s SQL Labs, the unit that works on SQL Server, is using NetScreen’s 500-series security appliance to defend its network against Code Red, Nimda and other worm attacks. The choice was made despite the fact that Microsoft already sells its own security product, Microsoft Internet Security and Acceleration Server, which is touted as a defense against worms. Microsoft declined to comment beyond a SQL network engineer's endorsement of the NetScreen product.


CRM Suite for 


Microsoft last week detailed a plan to release in the fourth quarter Web-based customer relationship management (CRM) software based on its .Net platform. The suite will provide a Web-based system for managing accounting, human resources, supply chains and customer relationships at businesses with 500 employees, Microsoft said. It will be offered as a hosted service and as a product that companies can deploy on their own servers.


Short Takes 


AOL TIME WARNER INC. confirmed 
Friday that has hired executive 
search firm help find new head 
for its flagging AMERICA ONLINE 
INC. Internet unit. . . . Increasing 
market share in the server market- 
place helped DELL COMPUTER 
CORP. boost its earnings estimates 
for its second fiscal quarter 2003. 
. .. ACCENTURE LTD. narrowly beat 
revenue and earnings expectations 
for the third quarter its 2002 fis- 
cal year. About 27% develop- 
ers China are currently writing 
Linux applications, according to a 
survey 700 developers EVANS 
DATA CORP. Santa Cruz, Calif. 


Southwest Expands 
Business Tools’ Role 


Will manage operational data with tools 
that helped stabilize finances after attacks 


MARC SONGINI 
NEARLY A YEAR after Sept. 11 and the ensuing plunge in airline revenues, Southwest Airlines Co. is so pleased with the performance of its business intelligence applications for financial management that it plans to expand deployment to include flight operations and maintenance.

While some companies have difficulty getting the most out of their very expensive analytic applications, in the middle of a crisis, the Dallas-based airline successfully put its Hyperion Solutions Corp. Essbase online analytical processing (OLAP) application and Pillar budgeting software to the test, according to one of the company’s top financial executives. Southwest was able to accurately make financial forecasts to help prepare adequately for the severe market downturn.

Indeed, Southwest is one of the rare companies that has exploited its business intelligence applications successfully, said Lee Geishecker, an analyst at Stamford, Conn.-based Gartner Inc.


Key Success 

success resulted 
from its ability tie its enter- 
prise resource planning appli- 
cations its OLAP software 
and then present relevant fi- 
nancial data and scenarios 
its decision-makers. 

Typically, companies don’t 
adequately tie their financial 
applications into OLAP sys- 
tem, analyze their data ana 
then meaningfully present 
business personnel, but South- 
west has proved that can 
done, Geishecker said. 

Right after the terrorist at- 
tacks, the airline was operating 


“in world complete uncer- 
tainty,” said Mike Van Ven, 
vice president financial plan- 
ning and analysis Southwest. 
“We were asked give some 
sort financial insight for va- 
riety decisions the company 
might make.” 

Prior the roughly mil- 
lion installation Essbase 
from Sunnyvale, Calif.-based 
Hyperion 1999, Southwest 
analysis personnel had write 


queries hand, spend per- 
haps half hour running them 
and then put the figures into 
spreadsheets for additional 
analysis, which could take 
four hours. However, Ess- 
base has cut that time lit- 
tle two minutes, said Van 
Ven, which 
savings for the airline. 

After running worst- and 
best-case scenarios and creat- 
ing forecasts, Southwest was 
able come with action 
plan stabilize its finances. 
helped answer questions like, 
“How fast would burn 


through our cash?” Van Ven 


Teradata Pricing 
Gartner Warns 


New nodes are 25% 
slower, firm claims 


JAIKUMAR VIJAYAN 
Gartner Inc. cautioning NCR 
Corp.’s Teradata customers 
against overpaying for some 
recently introduced hardware, 
response what the re- 
search firm calling “illogical 
pricing practices.” 

The warning relates anew 
generation NCR’s massively 
parallel WorldMark servers 
that were introduced May. 

According Gartner, the 
new two-processor nodes that 
are used the latest World- 
Mark 5300 servers provide 
only 75% the pertormance 
available with the four-proces- 
sor nodes used the previous 
WorldMark 5255 servers. But 
NCR insisting selling the 
new nodes the same price 
the older nodes, Gartner said. 

advisory released earli- 
this month, Gartner analyst 
Kevin Strange said 
prices “are not line” with 
standard industry practice. 


“By comparison, recent gen- 
erations Hewlett-Packard, 
IBM and Sun Microsystems 
high-end Unix servers effec- 
tively cut the hardware cost 
processing power increasing 
the processor speeds 
50% with little, any, increase 
price,” the advisory noted. 

Vickie Farrell, a vice presi- 
dent NCR’s Teradata ware- 
house group, challenged Gart- 
ner’s position. “What sell 
complete solution that in- 
cludes hardware and software,” 
Farrell said. “The list price 


concern that 
have raised 
with NCR 
management. 


MOHAMMAD RIFAIE, 
ROYAL BANK OF CANADA 
Navigating
Tough Times 


Since Sept. 11, 
OLAP application from Hyper- 
ion has helped create 
what-if financial scenarios. 


Forecasts based those 
scenarios are within 
actual operating numbers. 


New role-based views 
permit personnel access 
operational data well 
financial figures. 


said. So far, the forecasts have 
been within the actual 
operating numbers, noted. 
Overall, the application has 
paid for itself through the sav- 
ings that resulted from au- 
tomating the data collection 
processes, Van Ven said. 


the box totally irrelevant. 
don’t sell off-the-shelf hard- 
ware. sell uniquely config- 
ured systems that meet cus- 
tomer’s particular needs.” 

fact, she said, when per- 
formance compared, 5300 
server costs 11% less than 5255 
the same performance level. 

The real problem lies 
continued unwillingness 
publish list prices its hard- 
ware, Strange said. Unlike other 
vendors that have clearly pub- 
lished prices, NCR uses a bun- 
dled pricing model that gives 
customers very little idea about 
how much really paying 
for their hardware, said. 

“If NCR doesn’t separately 
publish prices for its hardware, 
how you know for sure that 
what you are getting fact 
cheaper” than previous hard- 
ware? asked. 

NCR’s habit not publish- 
ing prices can troubling, 
said Mohammad Rifaie, se- 
nior manager information 
resource management Royal 
Bank Canada Toronto. 

“This area concern 
that have raised with NCR 


management,” noted. “Tera- 


data very strong technolo- 
and total cost ownership 
and brings very good value 
the table. But think will 
their advantage they pub- 
lish their prices.” 
Phase deals with authentication sharing


CAROL SLIWA 

The Liberty Alliance Project today will reveal its long-awaited specifications to help companies set up systems that will let users sign on just once to gain access to a host of password-protected Web sites and services.

But the mere fact that the 40-member-plus consortium, led by Sun Microsystems Inc. and United Air Lines Inc., has finally produced something tangible may impress some industry observers more than the details about the technical specifications it backs, such as the Security Assertion Markup Language (SAML).

“A lot of people had been skeptical, and they didn’t really understand what this Liberty Alliance was about,” said David Smith, an analyst at Gartner Inc. in Stamford, Conn.

Founded last September, the Liberty Alliance Project promised to create technical specifications that would permit single sign-on and decentralized authentication based on openly available technologies. The initiative created an alternative to Microsoft Corp.’s Passport system, which authenticates only users who access sites that support Passport.

Both the Liberty Alliance and Microsoft have taken great pains to stress that they don’t compete. Bill Smith, Sun’s representative to the Liberty Alliance, said last week, hope that Microsoft or anyone with an interest in identity management would join the work we're doing.”

Meanwhile, Adam Sohn, a product manager at Microsoft, said his company could join the alliance, work informally with the group on interoperability standards or simply

FLASHBACK 


For background information on the formation 
of the Liberty Alliance Project, visit us online. 


QuickLink: 25674 
work to make sure its Passport system can share information with sites that support the Liberty specifications.

That sort of rhetoric has been going on for months with little movement, but Microsoft now has a real specification to review. take a look at the spec and figure out what the next steps are,” Sohn said.


The Project Base

The Liberty specification is based on SAML, an XML-based security standard for exchanging authentication and authorization information, but it will also define extensions to SAML, according to James Kobielus, an analyst at Midvale, Utah-based Burton Group.


FOUNDED: September 2001 


OBJECTIVE: To promote a federated network identity system for the Internet that enables single sign-on for consumers and businesses.


MANAGEMENT BOARD: American Express Co., AOL Time Warner, BCE, Citigroup Inc., France Telecom, General Motors Corp., Hewlett-Packard Co., MasterCard International, Nokia Corp., NTT DoCoMo, Openwave Systems Inc., RSA Security Inc., Sony Corp., Sun Microsystems Inc., United Air Lines Inc., Vodafone Corp.


Kobielus said the Liberty specs use the basic formats and protocols of SAML and add extensions to support account linking, or “identity federation.” “Opaque identifiers” traverse the Internet, serving users access other sites, but they don’t contain personal account information, he said.

For instance, a user might book a flight on one site and be linked to other sites for car and hotel reservations, but all his unique account information would be managed separately by the airline, rental car and hotel companies, Kobielus said.

“Liberty makes it difficult to aggregate personal data across linked accounts,” Kobielus said. But users can opt to link their accounts, he added.

Phase of the Liberty specification deals strictly with authentication sharing, according to Sun’s Smith. Phase already under discussion, but details are available.

How well the Phase spec works in practice remains to be seen. Sun, Novell Inc. and other companies today are expected to pledge support for the Liberty specifications in their respective products.

Also today, about a dozen companies, including Novell, Sun and IBM’s Tivoli division, are scheduled to demonstrate SAML-enabled products in a hospitality suite sponsored by the nonprofit Organization for the Advancement of Structured Information Standards.

Gartner’s Smith said corporate departments will probably want to make their existing systems work in the Liberty environment rather than throw out what they have and buy new products. But that could mean custom coding for


Novell Lays Out Road Map 
For New Directory Services 


But company has yet to specify dates


CAROL SLIWA 
Novell Inc. today plans to unveil an 18-month road map for its eDirectory server software, dubbed Project Destiny, that outlines its strategy to extend secure identity management to every aspect of Web services. But while the software maker is drawing analysts’ praise for heading in the right direction, so far the only product that has an expected year’s end ship date is the Universal Description, Discovery and Integration server that’s being built on its eDirectory server.

“They have a lot of good ideas, and they’ve had them for a while. But when are they going to deliver?” said Mike Neuenschwander, an analyst at Burton Group in Midvale, Utah. “They’re trying to jump the gun and be a thought leader. It’s more important for them to be a product leader.”

At least with the Web services and UDDI plans, Novell may be running ahead of the demand curve. Departments have hardly been rushing to build Web services or use public UDDI repositories that can help them find information about how their trading partners want to interact.

The first part of Novell’s directory services road map calls for the addition of a server to its eDirectory that will bring user authentication and access control to UDDI registries. That will allow authorized users to add information to and query information from UDDI registries, according to Anderson, director of product management for the company’s identity services group.

Anderson anticipates that large companies will start to deploy internal UDDI repositories next year. Anderson predicted that some will experiment with the federation of their internal repositories so they can share information with business partners. “It will become more prominent in 2004 and forward,” Anderson said.

Neuenschwander said the UDDI server represents only “one-sixteenth” of what Novell wants to do through its Destiny road map. “The marketing guys are getting ahead of the engineering guys,” he said.


Novell’s Plans 


A UDDI server, built on eDirectory, to add authentication and access control


One management point for user identities drawn from multiple applications and services.


A rules-based engine that will help directories manage user access to network resources based on their roles in an organization.


A federated system to allow businesses to securely share identity data with their

No timetable was announced for several key pieces of the plan, other than that they will be delivered next year, according to a Novell spokesman.

Those pieces include native support for XML and the Simple Object Access Protocol (SOAP) in the eDirectory server; a single point of management for user identities drawn from multiple applications and services; a rules-based engine that will help directories manage user access to network resources; and a federated system that will allow businesses to securely share identity information with business partners.

Anderson said the pieces will be modular add-ons to eDirectory, which is the foundation of Project Destiny.

John Enck, an analyst at Stamford, Conn.-based Gartner Inc., said the real value of Novell’s plan will come from policy-based identity management, which will allow more users to be administered by fewer people.

not going have 
burn resources for simple 
task like adding maintaining 
user information multiple 
directories,” Enck 


Alliance Unveil Single Sign-on Technical Spec 
Oracle Again
With Messaging Wares 


Aims compete 
against Exchange 


JENNIFER DISABATINO 
ORACLE last week announced back-end collaboration software that the company hopes will compete with Microsoft Corp.’s Exchange.

Oracle Collaboration Suite includes ready-made links to Oracle’s databases, unified messaging technology from newly acquired Steltor Inc. of Montreal.

The move is partly intended to prevent Microsoft from controlling the messaging market and being able to dictate how Oracle software will interoperate with Exchange, said Rene Bonvanie, vice president of product marketing at Oracle.

think ... Lotus irrele- 
vant this market,” Bonvanie 
said. “If we don’t stand up, Mi- 
crosoft will gobble every- 
thing, including Lotus, the way 
they did Novell few years 
ago,” said Bonvanie, referring 
GroupWise, messaging 
product from Novell Inc. 

“At the end of the day, two 
companies will battle out for 
predominance, and think 
that have very serious 
shot this,” said Bonvanie. 


‘Heavy Lifting’ 

Not surprisingly, Microsoft 
and Lotus Software Group ex- 
ecutives were somewhat dis- 
missive the announcement. 

been this market 
for five-, six-plus years. 
done lot heavy lifting,” said 
Chris Baker, lead product man- 
ager for Exchange Micro- 
soft. “So they really have, 
maybe best, 1.0 products.” 

Baker added that Oracle’s of- 
fering may have strengths that 
Microsoft doesn’t, but it’s not 
full-featured product. “It’s very 

Brill, {BM Software 


operations manager, offered 
similar views. have déja 
sense,” said. “This like the 
ninth time that they’ve tried 
get into the market.” 

Still, one Notes customer 
said Oracle’s offering worth 
considering. Lenox Inc. 
switch Exchange because 
the cost maintenance and 
the difficulty integrating 
Version R4.6 Notes with Mi- 
crosoft’s Office software. How- 
ever, the company would have 
looked Oracle’s new product 
that decision hadn’t been 


made, said Bob Palmer, vice 
president Lenox. “To 
what degree, it’s hard say 
without understanding [the 
product]. One the issues 
with Oracle that everything 
database-driven, and that re- 
quires database licensing. It’s 
very expensive proposition 
get into that ballgame. they 
could provide solution that 
scales cost-effective man- 
ner,” may worth it, said. 

“Microsoft, for better 
worse, they allow you get 
into various solutions more 


High-Speed Wireless Service 
Debuts, Draws Keen Interest 


256K service based IPWireless technology 


BOB BREWIN 
Next month, the Hyatt Re- 
gency Maui Hawaii will start 
offering hotel guests mobile 
wireless service that blazes 
along 256K bit/sec. four 
five times the speed next- 
generation high-speed data 
services provided cel- 
lular carriers. 
Gary Bulson, di- 
rector engineer- 
ing the Hyatt 
Corp. hotel, said 
the capital cost 


both mobile and fixed wireless
services Maui, with prices 
ranging from $12.95 per day for 
guests using the mobile service 
per month for 768K 
bit/sec. fixed service enter- 
prise customers, price Berk- 
off said compares favorably 
with cable modem Digital 
Subscriber 
rates the island. 

The company 
offers the service 
based the inter- 
national Universal 


For more on 


the service only 
$10,000, which was the price 
the pocket-size modems that 
tap into the high-speed service 
provided Maui Sky Fiber 
LLC Kihei, Maui. 

Steve Berkoff, managing di- 
rector Maui Sky Fiber, said 
his system, which will eventu- 
ally blanket the island Maui, 
has raw throughput 
bit/sec. plans, however, 
cause don’t have demand 
for that kind speed Maui.” 

Maui Sky Fiber plans offer 


Mobile Telecom- 
munications System standard 
over licensed system operat- 
ing the 2.5- 2.6-GHz Mul- 
tichannel Multipoint Distribu- 
tion System (MMDS) frequen- 
band. That band has been 
designated the Federal 
Communications Commission 
for fixed wireless operations 
delivering video data. 
Berkoff said the key his 
operation technology devel- 
oped San Bruno, 
based 
takes advantage multipath 


added. “You don’t have 
Fortune 500 company de- 
ploy their solutions.” 

don’t think most people 
will rip and replace. But the fu- 
ture uncertain,” said David 
Ferris, president Ferris Re- 
search Inc. San Francisco. 

The suite has potential, said 
Michele Rubenstein, board 
member the Messaging Fo- 
rum The Open Group San 
Francisco. “With Oracle and 
above, you have the LDAP 
Directory Access 
Protocol] connections, and you 
can tie this into directory ser- 
vices and PKI [public-key in- 
strastructure],” she said. “Ora- 
cle has market share data- 
base, and Microsoft has market 
share the messaging [client]. 
From user perspective, that’s 
the best both worlds.” 


signals, which Chris Gilbert, 
CEO IPWireless, said the 
Holy Grail radio frequency 
engineering. Gilbert said his 
firm has developed patented 
software harness the power 
multipath signals for quan- 
tum increase throughput. 

Berkoff said was initially 
skeptical about the IPWireless 
technology. However, not only 
does work, but does 
far lower capital costs than so- 
called third-generation cellu- 
lar wireless systems such 
those offered Nokia Corp., 
said. Berkoff estimated 
his capital costs per cell 
$250,000 per cell for similar 
equipment from vendor such 
Espoo, Finland-based Nokia. 

Joe Brooks, vice president 
sales and market development 
for the Broadband Solutions 
division financially troubled 
WorldCom Inc., said his com- 
pany believes the technol- 
ogy enough deploy its 
MMDS system Memphis. 
Commercial service slated 
start next month. 

have’t seen anything like” 
IPWireless’ technology, which 
could real plus for World- 
Com, Brooks said. WorldCom 
spent billion for its nation- 
wide MMDS licenses the late 
1990s. Since the IPWireless mo- 
dem easy for customer 
install, Brooks said, could 
stand up,
Microsoft will 
gobble 
everything, in- 
cluding Lotus, 
the way they 
did Novell 
few years ago. 


RENE BONVANIE, VICE PRESIDENT 
OF PRODUCT MARKETING, ORACLE 


save WorldCom the costs asso- 
ciated with sending out in- 
stallation technician. 

Analyst Lindsay Schroth 
The Yankee Group Boston 
called the technol- 
ogy “incredible,” noting that 
gives suppliers and customers 
high-speed fixed portable 


vs. 
Cellular Data 



bit/sec. raw speed 


month, for mobile, 256K bit/sec. 
service with unlimited use 


sec. fixed service for unlimited use 


AT&T WIRELESS 
mobile data service 


downloaded for $30 month 


loaded month for $100 month 
VERIZON WIRELESS 

mobile data service 

minutes for $35 per month 
minutes for $300 


EMC Taps Accenture
For Consulting Unit

EMC Corp. last week announced the creation of Information Solutions Consulting, a business unit that it will operate in a five-year pact with Accenture Ltd. The unit is an element of the Hopkinton, Mass.-based company’s strategy to remake its business so that 50% of revenue is derived from hardware, 30% from software and 20% from services.


Tools Available for
Visual Studio

Microsoft Corp. last week made available educational materials and a tool kit to help developers build applications using the Visual Studio .Net development environment. Also, an integration software development kit enables companies to hook their internally built tools into the Visual Studio .Net environment.


Microsoft Joins
LinuxWorld Exhibitors

Microsoft for the first time will sponsor a booth at the LinuxWorld Conference & Expo, to be held next month in San Francisco. The company will display wares such as its embedded operating systems. “I would definitely not treat this as a move [by Microsoft] to open source, but as a way to reach people we have reach,” said Pete Houston, senior director of Microsoft's Windows server product management group.


Security Flaw Found
in Web Server

A security vulnerability in the search feature of Sun Microsystems Inc.’s iPlanet Web server can allow attackers to execute code of their choice on remote iPlanet servers, according to a security advisory released last week by U.K.-based Next Generation Security Software Ltd. The flaw affects iPlanet Web server Versions 4.1 and 6.0.


California Proceeds
Without Dept.

New unit to create plan to deal with procurement, security issues in state

MARC SONGINI
With the recent demise of a central oversight department, the state of California during the next weeks and months must cobble together procedures to both procure and secure its multibillion-dollar systems.

Lacking legislative reauthorization, the state’s Department of Information Technology (DOIT) officially ceased to exist July largely because of its role in a controversial database licensing agreement with Oracle Corp.

For now, state agencies must work with the Department of Finance and assume responsibility for their own projects.

But Gov. Gray Davis also created a new unit, the Technology Oversight and Security Unit (TOSU), whose task is to come up with a long-term plan to help manage the state’s multibillion-dollar investments.

Botched Deal

The DOIT was created in 1996 to oversee high-tech projects throughout California. After earlier controversies, its fortunes declined irreversibly in April, when a scathing report from the state auditor’s office laid at its door much of the blame for an approximately $126 million exclusive database licensing deal with Oracle. The deal, called an enterprise licensing agreement (ELA), would have wound up costing more money than a competitively bid license, the auditor claimed.

Oracle declined to comment on the DOIT’s expiration, and negotiations are under way to rescind the ELA.

The head of the TOSU is Clark Kelso, a law professor at the McGeorge School of Law at the University of the Pacific in Sacramento. He said his primary task will be to create a road map for what the unit wants to accomplish during the next months.

Among the long-term goals is to make sure all purchases are done fairly and ethically, he said. “We want to reduce any appearance of bias or favoritism,” Kelso told Computerworld last week.

He also said the state has to do a better job of securing its network, not just because of concerns about cyberterrorism, but also because there was an unauthorized intrusion into a computer at the state’s Teale Data Center. The hackers who broke into that system were able to access the Social Security numbers and payroll information of all state employees [QuickLink: 30215].

Among the lessons Kelso said he has learned from the DOIT collapse is the need for departments to communicate with other branches of an organization about projects and their worth. “DOIT did not fully engage the legislature and didn’t let it know what it was doing and what value they were contributing,” he said.

FOLLOWING THE DEMISE OF CALIFORNIA’S DOIT:

State agencies will work with the Finance Department to oversee projects.

Gov. Gray Davis created the Technology Oversight and Security Unit to develop long-term for managing the state’s infrastructure.

The TOSU expects to establish procedures to secure the state network, make bidding processes more fair and promote communication among California leaders.


FBI's New CIO Undaunted by Challenges

Says private-sector past will aid post

TODD WEISS

After serving as the worldwide director of information and communications systems for the million-member Church of Jesus Christ of Latter-day Saints in Salt Lake City since 1990, Darwin John will join the government today as the new CIO of the FBI. John, 64, was named to the post last week by FBI Director Robert Mueller III to replace Bob Dies, who served for two years as both CIO and assistant director for information resources at the agency [QuickLink: 31258].

Since the terrorist attacks on the U.S. last September, systems at the FBI and other federal agencies have come into question. Some reports say the systems are antiquated and as much as a decade out of date. Where do you begin to make changes to help the FBI fight terrorism?

Director Mueller has stated publicly that there is some catching up to do. He’s been clear about that. Some news reports, I believe, may have been exaggerated. I don’t see any challenge that isn’t doable. Since yet started the agency, I haven’t been close enough to the FBI’s situation to know exactly what will be needed. I will see when I get there. One specific information management part of my new job will be ensuring that the right information is captured and accessible to those who need access and not accessible to those who have access.

How will your previous experiences help you prepare for and perform your new job at the FBI, where fighting terrorism has become the new mantra?

Across my experiences are some systemic things that are very much in common, such as supporting the enterprise and helping it realize its reason for being. It is my belief that basic CIO leadership is very transferable across those various kinds of environments where I have worked.

What were your responsibilities in your job with the church?

I have been focused on similar things, such as anticipating the future, setting strategic direction and doing development work to put tools and people in place to support the church’s mission. My job also entailed minding the shop day to day and ensuring that the infrastructure was reliable and secure.

What are your thoughts as you start this job, knowing how important it may be to the future security of our nation, which is facing the continuing threat of terrorism?

At this stage of life, when most people would probably be thinking about playing golf more often, I’ve still got some passion about seeing if I can help make a difference for the country.
Figure 6

The Microsoft® SQL 2000/Unisys solution offers $3.2 million savings compared with the Oracle/Sun system over a five-year period.

discovered that the current state and Intel solutions offers considerable savings and an attractive alternative to the classic RISC/UNIX solutions for implementation.
Source: Walklett Group, February 2002
License Tracker Launched
Microsoft Deadline Looms 


Users can get snapshot software assets 
preparation for contract negotiations 


CAROL SLIWA 
MICROSOFT users 
face key July li- 
censing deadline, 
Canadian firm last 
week launched its 
LicenseTracker service help 
companies take stock their 
Microsoft software prepara- 
tion for contract negotiations. 

Through the LicenseTracker 
service from AssetMetrix Inc. 
Ottawa, corporate users can 
inventory all the Microsoft 
Corp. software running 
their desktops, laptops and 
servers. They can then gain 
access Internet-based re- 
ports that provide details 
the product versions being 
used and the build numbers 
and license keys. 

“They can inventory their 
entire population literally 
hours, matter how central- 
ized and how big they are,” 
said Paul Bodnoff, president 
and CEO AssetMetrix. 

Under Microsoft’s old licens- 
ing system, many companies 
didn’t keep track their li- 
censes, and result, some 
them overbought under- 
bought when the time came for 
upgrades, Microsoft CEO Steve 
Ballmer told Computerworld 
last month. 

Now that the company’s new 
Version 6.0 volume licensing 
program taking effect, com- 
panies are being advised get 
accurate snapshot their 
software assets order de- 
termine which the new pro- 
grams, any, will make sense 
for them. 

“It’s really never too late 
implement some type asset 
management,” said Alvin Park, 


DEADLINE DETAILS 


For more information on Microsoft's 
licensing deadline, visit our Web site. 


QuickLink: 30803 
www.computerworld.com 


analyst Stamford, Conn.- 
based Gartner Inc. 

However, with just days 
left before the licensing dead- 
line, Park said he’s not sure 
how much the LicenseTracker 
service can help. 

Rebecca LaBrunerie, prod- 
uct manager worldwide li- 
censing and pricing Micro- 
soft, said she was unfamiliar 
with the product and thus un- 
able comment its merits. 

long said that custo- 
mers need understand what 
software assets they have 


the first step making in- 
formed licensing decision,” she 
said. “But again, can’t com- 
ment the results gener- 
ated third-party product.” 
Users have until July 
Software Assurance program, 
which entitles company 
receive the latest versions 
Microsoft products during its 
contract term. Enrolled com- 
panies pay 25% the volume 
license fee for server software 
products and 29% for desktop 
products annual basis. 
Another option open until 
July Upgrade Advantage, 
which moves company the 
current version Microsoft 
software product and “grand- 


fathers” them for Software As- 
surance later date. 
Companies that don’t opt 
for Software Assurance Up- 
grade Advantage can simply 
buy new software licenses, 
potentially higher costs, 
later date. they can get their 
Microsoft software licenses 
part hardware purchase. 
The LicenseTracker service 
costs per seat through July 
31. Customers may then opt 
upgrade full-service sub- 
scription. AssetMetrix’s Impact 
service costs per seat for 
30-day subscription; its Proj- 
ect service per seat for 
90-day subscription; and the 
Premier service $15 per seat 
for full-year subscription. 
July


The direct period 
for new Software 
Assurance program ends. 
Software Assurance entitles cus- 
tomers the latest version 
Microsoft product. The annual 
cost 25% the volume license 
fee for server product and 29% 
for desktop product. order 
eligible, company must 
running the most current version 
the product. After July 
company must purchase new 
licenses order eligible for 
Software Assurance. 


Version 
volume licensing program 
ends and the Upgrade Advantage 
option will longer available. 
Upgrade Advantage entitles 
company all available upgrades 
product and thereby “grand- 
fathers” the company eligi- 
ble move the new Software 
Assurance program. 


Microsoft Releases Content 
Management Server Beta 


Product features 
tool integration, 
Web services support 


CAROL SLIWA 
Microsoft Corp. last week re- 
leased beta version its 
Content Management Server 
2002 that features additional 
authoring and administration 
capabilities, well native 
support for XML and key Web 
services standards. Perhaps 
most notable, however, its 
tighter integration with many 
Microsoft’s other products. 
One the product’s key 
differentiators, for instance, 
its integration with the Visual 
Studio .Net tool set. The com- 
pany removed developer 
ents from Content Manage- 
ment Server favor the 
new tools, said Chris Ramsey, 
product manager Microsoft’s 
-Net Enterprise Server group. 
Customers purchase 
Visual Studio .Net which 


costs $1,079 for the profession- 
edition will get project 
wizard help them build Web 
sites, saving them from having 
write hundreds lines 
code, according Ramsey. 
Ramsey said customers will 
also get gallery content 
and functionality controls that 
can dragged and dropped 
into applications. Explorer 


Management 
Server 2002 


® Direct publishing from Microsoft Word 


= Native support for key Web services 
standards such as the Simple Object 
Access Protocol 


= Drag-and-drop content management 
server controls 


Source-code management system 
support 


panel designed help them 
navigate content the prod- 
uct’s repository and connect 
their Web site projects. 

Customers can use Content 
Management Server without 
Visual Studio .Net, but Micro- 
soft will recommend that they 
buy both, Ramsey said. 

Other products that have 
tight hooks into the new Con- 
tent Management Server in- 
clude Microsoft’s Office soft- 
ware and Application Center 
server. new authoring con- 
nector lets users create Web 
content Microsoft Word and 
publish directly their Web 
sites via the Content Manage- 
ment Server. Through Appli- 
cation Center, users can manu- 
ally automatically schedule 
the deployment Web site 
throughout the development 
process, from server server. 

Content Management Serv- 
also features tight connec- 
tions other Microsoft prod- 
ucts, such Commerce Server 
and BizTalk Server. 

Nicholas Wilkoff, analyst 
Forrester Research Inc. 
Cambridge, Mass., said that in- 
tegration will help Microsoft 
compete more aggressively 
the enterprise market against 
competition such Docu- 


mentum Inc., Interwoven Inc. 
and Vignette Corp. added 
that those vendors also recom- 
mend various add-on prod- 
ucts, such Java-based appli- 
cation servers and tools that 
must purchased separately. 

“Microsoft puts lot price 
pressure these vendors and 
offers something that’s quicker 
and easier implement,” said 
Wilkoff. But far, the compe- 
tition has landed more cus- 
tomers doing large-scale de- 
ployments date, said. 

Since acquiring the Content 
Management Server product 
last year when bought NCom- 
pass Labs Inc. Vancouver, 
British Columbia, Microsoft 
claims have substantially in- 
creased the number enter- 
prisewide deployments its 
product. 

Jim Murphy, analyst 
AMR Research Inc.in Bos- 
ton, said Content Management 
Server 2001 was “fairly light- 
weight” and that Microsoft won 
deals largely based its mar- 
ket strength and viability. 
said the new product brings 
substantial improvements, es- 
pecially “demonstrable Web 
services capability,” which will 
lift “more par with enter- 
prise competitors.” 
Meet the
Contivity 1000
Series
How you harness the power and reach the 
Internet way that provides security and 
allows you scale your network? How you 
this without breaking your budget? Look 
further than the Contivity™ 1000 family with 
Secure Routing Technology. The Contivity 1000 
Series enables businesses easily build and manage large VPN networks, using dynamic 


protocols over encrypted tunnels. addition support for dynamic routing 


(RIP and OSPF), comes fully loaded with remote access 
Starting 


under $1,000 


VPN, site-to-site VPN, firewall, QoS and bandwidth 
management. And the good part mix-and-match 
You only buy the services you need initially and turn the rest when you're 


It’s easy turning license key. multiple boxes. installation hassles. 


Low TCO. The Contivity 1000 can installed stand-alone access gateway (with free 
VPN tunnels) behind existing WAN access device, totally off-loading all security 


processing. For more information, visit nortelnetworks.com/contivity. 
Business Objects to
Buy Acta Technology

French software maker Business Objects announced an agreement last week to acquire Acta Technology Inc. for close to $65 million, with plans to join the two companies’ data analysis software products. Acta, in Mountain View, Calif., sells software for collecting and organizing data from a variety of systems, including enterprise resource planning and customer relationship management applications.


Former Exec
Replaces EMC

EMC Corp. said last week that its retiring chief technology officer, Jim Rothnie, is being replaced by former Compaq Computer Corp. executive Mark Lewis, who will serve as EMC’s CTO and executive vice president of new ventures. After Compaq was bought by Hewlett-Packard Co., Lewis was named head of worldwide marketing and solutions at Network Storage Solutions, HP’s newest storage division.


Short Takes

VHA INC. and IBM signed a deal that calls for IBM to supply PCs and servers to Irving, Texas-based VHA’s network of 2,200 health care organizations. Terms were not disclosed. . . . Internet auction company EBAY INC. is buying Mountain View, Calif.-based online payment company PayPal Inc. in a stock-swap deal valued at $1.5 billion. . . . Three security holes in MICROSOFT CORP.'S SQL Server and one in an encryption plug-in made by Network Associates Inc. for Microsoft's Outlook e-mail client were patched by the vendors last week. . . . SAP issued a warning that it’s reducing its revenue and earnings expectations for its just-ended second quarter. . . . The U.S. House of Representatives last week approved legislation requiring the NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY to develop standards for improving supply chain integration.


IBM Hits Both Ends 
Storage Market 


New Shark servers double performance 
predecessor; NAS device aimed low end 


LUCAS MEARIAN 
will soon offering 
new low- and high-end 
storage arrays aimed 
challenging rivals such 
Hitachi and Dell with 

faster devices that provide 

lower ownership costs. 
IBM said this week that 
will soon release two new ver- 


sions its high-end TotalStor- 
age Enterprise Storage Server, 
also known Shark. The new 
Shark Model 800 and 800 Tur- 
have, respectively, two and 
two and half times the perfor- 
mance the current model 
and operate bit/sec. data 
transfer rates. 

The Shark available with 


Adoption Expected 


Analysts say OS, 
software needed 
inspire confidence 


JAIKUMAR VIJAYAN 
Intel Corp.’s 64-bit Itanium 
processors may ultimately re- 
place their RISC counterparts 
the technology choice for 
high-end commercial server 
hardware. But don’t look for 
that happen anytime soon. 

The lack enterprise- 
tested 64-bit operating system 
and applications that can take 
immediate advantage of Itani- 
will mean slow adoption 
rate, users and analysts said 
the wake last week’s intro- 
duction the second-genera- 
tion Itanium-2 chip. 

Intel itself said doesn’t ex- 
pect differently. “This not 
something 
ramp overnight,” said Bar- 
bara Grimes, Intel spokes- 
woman. “We are looking this 
the processor technology 
for the next years.” 

Itanium has already begun 
promise viable alternative 
to more expensive RISC boxes 
from vendors such IBM and 
Sun Microsystems Inc. 

The National Center for Su- 
percomputing 


(NCSA) the University 
Illinois Urbana-Champaign 
using Itanium technology 
build Linux cluster with 13.6 
trillion floating-point opera- 
tions per second for scientific 
research purposes. 

been very pleased 
with the performance 
seen far,” said Dan Reed, di- 
rector NCSA. “It’s competi- 
tive with what seen 
RISC-based systems.” 


Big Improvement 

Based early benchmarks, 
Itanium delivers far more 
power and sophistication than 
the disappointing first version 
the chip introduced June 
last year, analysts said. 

“The improvement per- 
formance, least from bench- 
marking tests, suggests that In- 
tel was listening pretty closely 
the concerns and reserva- 
tions that customers and ven- 
dors had the first-generation 
product,” said Charles King, 
analyst The Sageza Group 
Inc. Mountain View, Calif. 

But more pieces have fall 
into place for users able 
migrate commercial appli- 
cations Itanium with confi- 
dence, said Sarang Ghatpande, 
analyst D.H. Brown Asso- 
ciates Inc. Port Chester N.Y. 

The biggest piece needed 


variety options, including 
15,000 RPM disk drives both 
18.2GB and 36.4GB capacities, 
and powered new copper 
microchips. also has 64GB 
internal cache and 3.2G bit/sec. 
internal bandwidth. 

For grocer Royal Ahold NV, 
the new Shark server “signifi- 
cantly increased 
mance” the company’s back- 
and recovery process and 
tripled its storage capacity, 
said Joe Giacometti, senior 


vice president IT. Giacomet- 


Slow 


fully tested, production- 
ready 64-bit operating system 
that can take advantage Ita- 
nium hardware, said. Sever- 
operating systems are avail- 
able for Itanium, including 
Windows 
Limited Edition, Windows 
64-Bit Edition, HP-UX and 
versions Linux from Caldera 
International Inc. and Red Hat 
Inc. But most these are real- 
first versions that are unlike- 
inspire much confidence 
among enterprise users, said 
Ghatpande. 

It’s the same story the ap- 
plication software side. Major 
vendors are porting their soft- 
doing with DB2 and Web- 
Sphere, Oracle Corp. with its 
database technology, and BEA 
Systems Inc. with WebLogic. 
But here, too, the applications 
are first versions and remain 
untested Itanium. 


Until the software matures, 
commercial users are unlikely 


use Itanium for anything 


more than development and 
testing purposes, especially 
also said the new Shark re-
duced the cost managing in- 
formation $50 per gigabyte. 

The 800 and the 800 Turbo, 
which carries two additional 
processors, come with Project 
tures that 
configuration 
ment capabilities. 

Mike Kahn, president and 
CEO The Clipper Group 
Inc. Wellesley, Mass., said 
that with the new Shark mod- 
els, IBM has caught with the 
speed Hitachi Data Systems 
Freedom Storage Light- 
ning 9900 enterprise array. 
“The disks essentially get you 
the data faster, and these new 
engines allow you move 
faster,” Kahn said. 

The 800 will generally 
available Aug. 16; pricing will 
depend the configuration, 
which can support RAID-10 
data mirroring and striping for 
performance-sensitive 
cations, such online transac- 
tion processing and Oracle 
databases. 

nounced pizza-box-size net- 
work-attached storage (NAS) 
device aimed low and mid- 
market uses, such local stor- 
age for distributed offices. The 
TotalStorage NAS 100 array, 
which has list price $4,420, 
the third NAS product IBM 
has released the past three 
years. IBM has used the same 
software management applica- 
tions each. 


Faster, 
Smarter Sharks 


Additional software and 
processors and faster disk 
drives give the new Sharks: 


bit/sec. data transfer rates 


Two and two and half times the 
performance the current model 


64GB internal cache and 
bit/sec. internal bandwidth 


data mirroring and 
striping 
Project eLiza software self-man- 


18.2GB and 36.4GB capacities 



cool things while you wait for disaster hit your company. 


Test 


applications. 
Deploy new applications. 
Shorten backup windows. 
Refresh data warehouses. 


Take whole hour for lunch. 
Nasdaq Ready Launch
Stock Trade System 


Technology represents bandwidth doubling 


LUCAS MEARIAN 
FTER SPENDING 
three years and 
$107 million 
project 
cluded the instal- 
lation more than 200 
servers, Nasdaq Stock Market 
Inc. last week said it’s prepared 
launch its SuperMontage 
electronic order display and 
execution system on July 29. 

SuperMontage, which 
real-time, fully integrated or- 
der display and execution sys- 
tem, was built response 
issues such decimalization 
(for the switch-over from re- 
porting prices fractions) and 
increased trade volume. 

“This should reduce intra- 
day volatility through more in- 
formation, 
depth,” said Nasdaq President 
Richard Ketchum. 

The backbone 
telecommunications will 
managed WorldCom Inc. 
and connect 1,000 trade loca- 
tions across the country 
main data center Connecti- 
cut and backup site Mary- 
land. Addressing 
ongoing financial problems, 
Nasdaq CIO Steve Randich 
said the network “separate 
and distinct the World- 
Com employees are dedicated 
the account.” 

“We’re confident WorldCom 
will our provider for the 
next several years,” added. 


Test Stocks 


plans open Super- 
Montage with few test stocks 
and then include about addi- 
tional stocks every week there- 
after. Ketchum said list 
New York Stock Exchange se- 
curities, but had definite 
timeline for that. 

Jim Van Dyke, analyst 
Javelin Strategy and Research 
Inc. Pleasanton, Calif., said 
the adoption SuperMontage 
securities firms 


affected the current eco- 
nomic slowdown. fact, 
noted that rollouts are easier 
when activity level low. 
Nasdaq’s current order dis- 
play system, SuperSOES, will 
used for transactions few- 
million shares until all 
securities have transferred 
SuperMontage. SuperSOES dis- 
plays the best proposed pur- 


chase and selling prices for 
stock, well who partici- 
pating the market for that 
stock and each issue’s most re- 
cent transaction. contrast, 
SuperMontage will aggregate 
the top five proposed purchase 
and selling prices for stock, 
giving traders more access 
possible trades and increased 
transparency, said Adena Fried- 
man, Nasdaq’s executive vice 
president data products. 

“It shows there are lot 
people interested buying 
selling particular stock out 
there,” Friedman said. 

Randich said the technology 
behind 
sents doubling Nasdaq’s 
network bandwidth and offers 


SuperMontage offers 
improvements over Nas- 
SelectNet and Super- 
SOES. For instance, will: 


Provide fully integrated 
order display and execution 
system. 


Display the top five bids 
and offers rather than just 
the single top bid. 


quickly. 
more scalability for adding
servers and processors. 
said SuperMontage’s process- 
ing ability nearing 5,000 
transactions per second. 
SuperMontage’s 
systems consist Stratus 
Computer Corp. Continuum 
Series 400 servers, 165 Dell 
servers running Windows 
2000 support new electron- 
products and surveillance 
software, and Hewlett- 
Packard Co. NonStop 
servers with 
each. Randich said Nasdaq will 
the first commercial cus- 
tomer deploy HP’s newest 
high-end server and added that 
has performed well pro- 
cessing performance tests. 


Continued from page

WorldCom

bility issue,” said Brunetto. “But now it doesn’t look like anything is stable.”

The WorldCom mess has become a bad dream for many in IT. None of the IT and telecommunications managers interviewed for this article said that they seriously believe that switched off, because it’s too vital. But they also noted that they have no choice but to consider “what if” scenarios.

Gary Rosenberg, telecommunications manager at Nortek Inc., a manufacturer of building products in Providence, relies on WorldCom for voice and data.

Rosenberg is a 42-year telecom veteran, but problems are prompting him to think in new ways. He’s talking with vendors about providing standby service, having lines in place and ready if WorldCom fails.

But having seven backup lines at just one facility could cost $100,000 a month, said Rosenberg. The cost is high because the vendors don’t have pricing mechanisms for running lines that aren’t also carrying revenue-generating voice and data traffic, he said. Rosenberg counters by telling vendors that providing an affordable standby service could give them a leg up once telecommunications contracts are rebid. Negotiations are continuing, he said.

WorldCom’s problems are also a slap in the face to managers who review a vendor’s financial statements as part of the contracting process. For months, WorldCom allegedly inflated its earnings by nearly billion.

Due Diligence

Due diligence “just goes out the window if audited financial statements are not to be believed,” said Andy Fisk, IT manager at the Tribune-Review Publishing Co., a Greensburg, newspaper chain.

Fisk has contacted other carriers to provide backup for his WorldCom services. But like other managers, he doesn’t want to change providers “on the off chance they [WorldCom] are going away,” he said. But, Fisk added, “on the other hand, I’d hate to find out that they’ve gone away and left high and dry.”

One person who has experienced failure firsthand is Brian Voss, vice president of telecommunications at Indiana University, a 96,000-student institution in Bloomington.

The university was using services from Teleglobe Inc. in Reston, Va., when it filed for bankruptcy protection in May. Indiana University relied on Teleglobe to provide one of two high-speed circuits connecting the university to an Asia-Pacific high-performance research network.

“Our circuit went off,” said Voss. “I think what we learned from that experience is that it’s probably good to be diversified.”

User Angst

MANAGERS ARE CONSIDERING POTENTIAL WORLDCOM FALLOUT:

DIVERSIFICATION
Telecommunications providers price their services to win an enterprise’s entire business. The bigger the volume, the lower the cost. But users are likely to find having one provider unacceptable.

SHORTER CONTRACTS
One-year contracts are more likely, to allow flexibility to respond to pricing changes and provider problems.

COMPETITION WORRIES
If key parts of WorldCom are sold off, competition could narrow, raising prices.

How Ryder Deals With

WASHINGTON

WorldCom is a daily topic at Ryder System Inc. The telecommunications company's performance is closely monitored, and once a week a WorldCom official touches base to make sure everything is OK. It’s what Eduardo Vital wants.

Ryder, a Miami-based transportation and logistics company with 30,000 employees worldwide and 1,000 locations in North America, is a big WorldCom customer. WorldCom provides close to 80% of Ryder's data and voice services. When problems surfaced, Vital immediately contacted the firm to make arrangements to ensure uninterrupted service delivery. It was agreed that each week a senior account representative from WorldCom would contact operations director to discuss systems performance.

WorldCom has “not neglected providing services that they contracted to us, and I’m comfortable there,” Vital said.

Ryder renewed its contract just two months before financial problems were disclosed. But Vital said his company continues to have a good working relationship with the vendor, and he believes that the WorldCom officials he dealt with were unaware of the financial problems.

“I have no reason to doubt their honesty,” he said.
Patrick Thibodeau
Burger King Upgrades mySAP.com


Fast-food industry standardizes apps 


MARC SONGINI

Burger King Corp. is serving up an upgrade of SAP AG’s business applications to its end users. It’s one of a small but growing number of fast-food companies that are standardizing their systems on packaged enterprise resource planning (ERP) applications.

The Miami-based company last month upgraded its installation of SAP’s R/3 human resources and finance applications to Version 4.6c. That sets the stage for future phases of the upgrade of Burger King’s SAP R/3 ERP application to the mySAP.com suite.

During the next year, the company also plans to turn on treasury, real estate, budget management and self-service human resources applications as part of the migration, according to Rafael Sanchez, Burger King’s CIO.

For Burger King, the big appeal of mySAP is the software’s integration capabilities and technical maturation, according to Sanchez.

Between 60% and 70% of the custom modifications to SAP’s earlier finance and human resources releases will be replaced by mySAP functionality, he said. In addition, the real estate management application will replace a custom application written in SAP’s ABAP programming language, Sanchez said.

In general, companies in industries such as fast food and retail have been slower to adopt ERP technology than manufacturers, said Abell, an analyst at Boston-based AMR Research Inc.

Rollout Challenges

Some companies tant change because they face considerable rollout challenges, especially if their corporate systems are linked to individual stores or franchises that have workers who are relatively unfamiliar with technology, Abell said.

But Burger King isn’t alone in turning to a third party.

Chick-fil-A Inc., an Atlanta-based chain, ties its 1,000 restaurants states to its data center’s core ERP system via a virtual private network.

The data center uses Oracle Financials to aggregate sales and daily business data, said Mark Brackett, director of information systems at Chick-fil-A.

Chick-fil-A also plans to add Oracle Internet Expenses to the ERP system within the next month.

Last August, Chick-fil-A upgraded to Oracle’s E-Business Suite 11i from Version 10.7. It installed human resources, financials and payroll applications and added receivables, cash management and order management software.

Brackett said the Oracle suite, which runs on HP-UX servers, has helped Chick-fil-A automate its accounting system, making it possible for the company to open new stores without having to add a commensurate number of employees to support them.

ERP Drive-through

BURGER KING'S MYSAP.COM ROLLOUT PLAN INCLUDES THE FOLLOWING APPLICATIONS:

Live last month:

finance and human resources modules

Expanded functionality due to be added within the next year:

Real estate management capabilities

Treasury management, which liquidity, currency issues and investment portfolios

human resources tools for use by employees

Tripwire The Data Integrity Assurance Company

Tripwire establishes a baseline of data in its known good state, monitors and reports any changes to that baseline, and enables rapid discovery and recovery when an undesired change occurs.

Foundation for Data Security
• Ensure the integrity of your data
• Instant assessment of system state, reporting “integrity drifts”

Maximize System Uptime
• Eliminate risk and uncertainty
• Enable quick restoration to a desired state

Lower Costs
• Find and fix problems quickly and precisely - no more guess work

Increase Control and Stability
• Ongoing monitoring and reporting

Your firewalls and intrusion detection tools alone are not enough to keep systems trustworthy. Tripwire’s data integrity assurance products are the only way to know mised. For nearly 10 years Tripwire has been helping IT professionals know exactly what's changed on their systems, and helping them to recover quickly.

© Copyright 2002. Tripwire and the Tripwire logo are registered trademarks of Tripwire, Inc.

For FREE 30-day fully-functional call toll-free: (874.7947) or visit http://enterprise.tripwire.com today!

THE DATA INTEGRITY ASSURANCE COMPANY
MARYFRAN JOHNSON


Wireless Wake-up Call 


I CAN’T DECIDE WHAT amazes me more about the slow-motion security crisis unfolding around wireless LANs. the clue- are installing unsecured “rogue” wireless access points (AP) inside their company networks? the stubborn re- (or just plain inability) of many de- tively with the problem? Either way, this train wreck is heading for a station near you. When bad things happen to good corporate data, management gets blamed. And wireless networks are the security equivalents of Swiss cheese.

Unfortunately, those clueless users are driving this train. In the past two years, more than million wireless LAN cards and APs were sold. Users are the unstoppable force behind this third wave of uninvited technologies invading the corporate space. First came PCs, then Web browsers. Now it’s wireless access points.

Over the past several months, written many stories about wireless network vulnerabilities uncovered at major airlines, name-brand retailers and government agencies that ought to know better. In nearly every case, the standard defense was to claim that the breach didn’t really matter because the exposed data wasn’t “sensitive” or proprietary. Bzzzt! Wrong answer.

The real danger of APs, security experts point out, lies in the unwelcome access to your internal networks and how much an intruder can learn about your systems. “Once sitting corporate network, you can gain universal network-level access and talk to any machine,” says Eric Schnack, chief operating officer at Palisade Systems, a security vendor in Ames, Iowa, that specializes in protecting network-level access. “You don’t want random people inside your network, sending arbitrary traffic mission-critical server server with traffic,” adds Sandeep Singhal, CTO of security infrastructure vendor ReefEdge in Fort Lee,

So, what are you doing about it? Worrying, mostly. In this week’s issue and on our Web site, we’ve published the results of our wireless LAN security survey of 159 professionals, nearly half of whom confessed having confidence their own wireless security. Some 46.5% written any policies forbidding employees from installing them in the first place.

So, what should you be doing instead of just worrying? We offer plenty of ideas from your peers in “The Security Action Plan,” starting page and online [QuickLink: But here’s a short wireless security to-do list:

Be the bad cop. Insist that IT maintain total control of all wireless LAN access, and implement policies that make network lawbreakers eligible for immediate termination.

Make sure all wireless network cards and base stations are registered and secured, and upgrade everything to 128-bit session encryption.

Require the use of VPN access to critical resources.

Enforce periodic reauthentication for all users, and restrict LAN access rights by job role.

Scan and sniff internal networks regularly to ferret out rogue APs.

Most important, accept that wireless networks are the Borg and that resistance is indeed futile. Aggressively manage the problem now. This is one wake-up call you can’t afford to sleep through.

MARYFRAN JOHNSON is editor in chief of Computerworld. You can contact her at maryfran_johnson@computerworld.com.

FIXING VULNERABILITIES

The CTO at ReefEdge lists 10 ways to plug the holes in your wireless network.

QuickLink: 31267
www.computerworld.com

PIMM FOX

The Unseen Risks of Outsourcing

EVER WONDER how, if something isn’t good for you, it can be good for someone else?

The buzz is that outsourcing is a win-win situation. Large enterprises place the burden of maintaining, servicing and upgrading operations onto a third party, which in turn makes nice profits through economies of scale. But the recent debacle at WorldCom has brought to light questionable arrangements that have made outsourcing agreements viable.

Because most outsourcing deals demand high upfront costs for equipment, network connectivity and personnel, the initial years of an engagement can mean huge losses for the provider. To mitigate this problem, EDS chose, in the case of its $6.4 billion, contract with WorldCom, to employ percentage-of-completion accounting. That let EDS grow rapidly by booking some revenue before it was billed. It also let it spread over several years some of the expenses.

But the recent accounting scandals bring into question whether this method is a good way to analyze a company’s financial performance. Besides making it difficult to figure out whether a particular contract is profitable, it places a huge amount of risk at the door of the outsourcing firm. And you have to wonder whether you can depend on your outsourcer.

How much longer can this last? EDS pulled out of the bidding on an outsourcing contract for Procter & Gamble worth almost billion per year, citing too much risk in taking over a majority of the consumer products giant’s back-office operations.

Is this a warning shot for a review of outsourcing relationships? Outsourcing has been touted as an efficient way for companies to focus on what they do best while palming off the drudgery to someone else. But learning that the drudgery comes with some high costs and might not be profitable for third parties without some financial maneuvers.

At the very least, the scandal should refocus the debate on whether expertise ought to be a genuine cost, built into the routine running of a business, and whether you can be immunized from the risks of maintaining an infrastructure just by signing a contract.

With uncertainty surrounding the accuracy of financial reporting, it’s imperative that you know the risks your potential outsourcing firms have incurred. Ask who their largest customers are, learn how they plan to account for your business, and check if they’re making money from their contracts. That’s the only way to verify that win-win is more than a marketing slogan.

PIMM FOX is Computerworld’s West Coast bureau chief. Contact him at pimm_fox@computerworld.com.


DAN GILLMOR

Users Must Beware Legal

USER community has never thought of itself as making laws, except to the extent of setting down rules inside the enterprise. This particular job.

Maybe it’s time to think more broadly. The way you do your job is going to have more impact on society at large than you may want to know.

Recently, some top minds in law and technology assembled at the Berkman Center for Internet & Society at Harvard Law School. One was Lawrence Lessig, the Stanford University law professor who said, persuasively, that the future is bleak unless people step up to some serious issues. The forces of absolute control are on the verge of deciding what kind of creativity and innovation will be allowed, and as a result, they’re damping down progress.

Lessig’s key insight is that code, the zeroes and ones, can become law. IT writes, buys, licenses and uses software; code, interrelating with other forces, becomes one of the governing influences in our lives, just as the location of a road changes a community or the absence of a ramp keeps out people in wheelchairs.

Societal norms and the law say you can buy a music recording and make a copy to play in a car. You can buy a book and give it to your child. But in the age of digital content, the owners of the copyrights say these uses are a bug, not a feature.

So they write code that gives them utter control over how copyrighted material or, in some cases, even material in the public domain may be used. Using code, they forbid those formerly legal and customary uses.

Because the owners are well organized and financed, they have bought political support. Recent laws make it illegal to circumvent the code they’ve used to decimate old law and tradition. And a few big companies, paranoid and stuck with outdated business models, effectively get to determine the parameters of creativity.

The patent system has also run amok. Software and business-process patents are a clear and present threat to innovation.

If you use open-source software in your business, either because it works well or as a way to keep proprietary-software companies from owning you (or both), beware of patents. At the Harvard event, a manager of Microsoft’s “shared-source” program, in which customers can look at Windows source code under restricted conditions, repeatedly didn’t answer when asked if Microsoft intended, as a senior executive has openly threatened, to use its growing patent portfolio against open-source programmers.

IT needs to consider its own needs and consequences. Many of you are telling Microsoft you want locked-down PCs far more than today’s models that can do only what systems administrators allow them to do. This, after all, can ensure adherence to corporate information policies and, perhaps, boost security.

Bake this into the operating system, and solved one problem. But helped spawn a new monster, a regime in which Microsoft and its new allies in Hollywood and government become arbiters of far more than they already control today.

It’s a world where end users and technology innovators, including will need permission al- ready legal and critical lives and businesses. Is that what you want?

DAN GILLMOR is technology columnist at the San Jose Mercury News. Contact him at dgillmor@sjmercury.com.


Open Source Imperfect

NICHOLAS column “Open Source’s Open Door” 30847] fails to recognize several facts. First, if a vendor changes source code to correct a security hole, it’s responsible for any problems created by that change. Second, in-house modification requires considerable resources to maintain and document code changes. Third, while open source isn’t attacked as often as Microsoft systems, that will change when it becomes as common as Microsoft products. Finally, open source’s very nature provides an open door for those seeking to exploit its weaknesses.
Alan Mercer
Baltimore

Palladium Locks Windows

DO YOU TRULY believe Microsoft is pushing Palladium for user security [QuickLink: 31000]? Absolutely not. wants to be sure that every machine can run only Windows and that every copy of Windows is “genuine.” The benefits to consumers, if any, will be inconsequential. The true beneficiaries will be groups that desire to limit the way use our computers. used to think Microsoft was the best, but freedom to use what purchase in the way that want without permission or activation is more important than jumping on the bandwagon and supporting the only game in town.
Vic Russell
specifier
Medina County Building Dept.
Medina, Ohio

ALTHOUGH the plans for Palladium sound like an improvement for security, wouldn’t want any hardware modifications that would lock into Windows and out of, say, Linux.
Ray Hooker
Durham, N.C.

Must There Be Only One?

MARK editorial “The Real Trial,” which says Microsoft’s influence will inevitably diminish regardless of the outcome of its antitrust trial, was well put Have you noticed how the power IBM? guess never went away after all. Is there something about computing that insists there be only one dominant player?
Steven Rubenstein
Murfreesboro, Tenn.

Spam Blocked, for Free

ODDLY ENOUGH, the most effective spam blockers are free 30604]. Use Sendmail as your mail server software and add DNSBL (DNS blocking list) to your feature list. Spamcop, SPEWS, ORDB and others all cost nothing, and they all block most spam. know use them on the mail server and ISP uses some of them on the mail server that get regular e-mail through. average less than one spam per day, and since forward those spams to Spamcop to improve the filter, they don’t evade the filters for long. So far, a review of our reject lists shows only minimal false positives (bounces of legitimate mail).
Charles Oriez
National legislative chair
Association of Information Technology Professionals
Littleton, Colo.

Plan for Fashion

WHILE THERE ARE certainly benefits to be had using CPFR, think this is true only for products that are fairly stable in nature, such as toothpaste and laundry soap [QuickLink: 30996]. With the fickleness of fashion, apparel retailers would only be guessing.
Bob Fately
Van Nuys, Calif.
EDITOR’S NOTE

COLLEAGUE Frank Hayes says that “security is the new Y2k” [QuickLink: 30719]. And state of crisis on both the vendor and user sides and needs a full-scale remediation effort.

But security doesn’t have the immovable deadline that was good at focusing everyone’s attention on the Y2k problem and breaking through the usual logjams.

Lacking a natural deadline, maybe the pressure for remediation will come from security audits by the federal government, as predicted by futurist Thornton May (page 47).

Short of federal audits, the pressure will have to come from corporate CEOs. Unfortunately, like Y2k, security doesn’t have a clear-cut ROI. So, how are going to get the CEO’s financial support for major investments in security and disaster recovery? suggest asking your CEO three simple questions:

How will the board react if Russian hackers steal $10 million from our accounts? (It happened to Citibank in 1994.)

How will we stay in business if employees can’t get into the headquarters building because it’s been cordoned off due to an anthrax scare?

How will we look on Wall Street if hit with a “security malpractice” lawsuit because we failed to close security holes that were widely known?

For starters, let’s do the easy stuff. GartnerG2 predicts that 90% of cyberattacks will exploit known security flaws for which a patch is available or a solution is known. That’s why one of the tasks on the to-do list in this special report is patch management (page 28). also suggest assembling a SWAT team to handle security incidents and distributing resources for better disaster recovery.

can help set the agenda and provide implementation tips, but have to get the CEO to open his checkbook yourself.

Mitch Betts (mitch_betts@computerworld.com) is director of Computerworld’s Knowledge Centers.
following online features:


Industry Q&A: Rusine Mitchell-Sinclair of IBM Global Services discusses the hot trends in corporate security and disaster recovery.

Case Studies: Companies tackle issues such as disaster recovery for laptops and how to monitor all those security sensors.

QuickLink: ki600
The Security


SPECIAL REPORT

to-do list that ranges from managing patches to securing wireless LANs.


WIRELESS AND MOBILE OFFI

The time has come to deliver a reliable, hassle-free extension of your enterprise network. With Cisco Mobile Office and wireless LAN solutions, your network will become more flexible, scalable, manageable, and productive, enabling users easy, secure access to critical business applications, productivity tools, and information databases while on the road, at home or at work. With Cisco AVVID enterprise architecture, you can do all this without any disruption. This standardized enterprise architecture allows you to seamlessly integrate wireless, voice, video, and data applications on a single, scalable network. This includes new and existing technologies alike. Whether building your enterprise network or extending it with Cisco Powered Network services, take advantage of the tools below to get it done right.

cisco.com/go/mobility

Cisco SYSTEMS
INTERNET GENERATION
OPTICAL NETWORKING
OPTICAL NETWORKING 
WHEREVE


SECURELY CONNEC 


How can enterprises remain productive and competitive in the face of changing—and often unpredictable—business conditions?

This question is on the minds of many IT managers today. One reason is that businesses worldwide witnessed unprecedented economic changes and disasters this past year. As a result, IT departments are building extra measures of business resilience into their computing, application, and network infrastructures.

Today, enterprises are discovering that in addition to mirrored data centers and network backup systems, mobility is becoming a key component of business resilience. Empowering users to remain productive wherever they are located keeps businesses agile and competitive as they decentralize their operations and scatter employees among headquarters, branch offices, and home offices, and while users spend increasing amounts of time away from the office on business travel.

“If users do not have access to all their productivity tools when they are away from their desks, this is a missed opportunity to push business forward,” says Charlie Giancarlo, senior vice president of technology development at Cisco Systems. Cisco helps businesses address this challenge with the Cisco Mobile Office, a set of solutions that empowers IT departments to provide secure, high-speed connectivity to mobile users.

One example of mobility as it relates to business resilience is the impact that new security regulations in the airline industry have had on the traveling public. Business travelers now find themselves with significantly more “down” time in airports. If equipped with wireless LAN client adapters and secure virtual private network (VPN) client software on their portable computers, these users have the ability to leverage emerging public wireless LAN services to remain productive. In addition, hotels and conference centers are also offering both wireless and wired Ethernet services for connecting mobile users to their corporate resources via the Internet.

“Similarly, if a natural disaster or weather conditions prevent employees from getting to a physical workplace, users who can connect securely from home can also keep the business moving without much Giancarlo

THE THREE FLAVORS OF MOBILITY

Users become mobile when they leave their wired LAN connections and roam elsewhere with their laptops and handheld data devices. From there, they might switch to a wireless LAN connection as they join a meeting down the hall or work from an airport. Or they might plug into another wired broadband connection from a home or hotel that offers wired Ethernet services.

Through the Cisco Mobile Office, Cisco offers the networking tools that enable IT managers to support these different types of connections.

With these liberating capabilities, though, emerge fresh security challenge the wireless sector. Successfully addressing security is critical to maintaining business resilience.

Here, we'll examine how the Cisco Mobile Office enables both wireless and wired mobility for business customers while solving the security challenges associated with them.
AT WORK: WIRELESS LANS
The Cisco solution for mobility within the enterprise centers around the Cisco Aironet® wireless LAN system, which includes the Cisco Aironet 1200 Series dual-mode access points for both IEEE (54 Mbps) networking, client adapter cards, and the Cisco Access Control Server for authentication.

Wireless LANs deliver the freedom to work virtually anywhere within a building or around a corporate campus without the limitation of wires or cables. People in a conference room can access information needed to make decisions, for example, rendering meetings more productive. Moreover, wireless networks can serve as a cabling replacement to overcome business limitations created by older buildings and temporary work areas.

Evidence of the impact of wireless LANs on user productivity was revealed in a study conducted in fall by NOP World Technology, a research company that surveyed more than 300 U.S.-based organizations with 100 or more employees using wireless LANs. The study showed that wireless LAN technology allowed users to stay connected for an additional 1.75 hours each day, which increased their productivity by as much as 22%.


SECURITY AT WORK

Despite the significant productivity enhancing potential of wireless LANs, many enterprises have been hesitant to fully embrace them, largely because of security concerns. These worries were fueled by reports last year that the basic security algorithm in the IEEE wireless LAN standard is easy

These vulnerabilities have since been overcome by the security enhancements in Cisco Aironet products. The Cisco Wireless Security Suite, which includes reinforced encryption and authentication, makes it possible for IT departments to untether users without sacrificing network security.

Sharp Healthcare, a regional healthcare delivery system based in San Diego, California, for example, uses Cisco Aironet wireless LANs to improve patient care by enabling bedside care-givers to access patient data records, order lab tests, and issue pharmaceutical prescriptions. Without the Cisco Aironet enhanced security measures, Sharp would be hard-pressed to meet the stricter standards for patient confidentiality recently mandated by the Health Insurance Portability and Accountability Act (HIPAA), comments Mark Weisenberg, director of network services.

“The HIPAA requirements have a direct bearing on wireless data transfer, and we need absolute certainty that we’re not going to put patient records in jeopardy with our wireless system,” he says.

What are the security risks associated with wireless networks? In general, enterprises must protect themselves from unauthorized individuals gaining access to corporate servers or “stealing” data in transit. They also need to guard against denial-of-service attacks on corporate Web servers, which clog them with bogus service requests and prevent user and customer access to data and services.

These vulnerabilities exist in wired networks, too, but wireless LANs open up an additional exposure that must be addressed specifically, because radio signals can penetrate walls. If the proper security mechanisms are not in place, someone outside a building but within range of an access point could circumvent the firewall and hop onto the enterprise network.

Today, enterprises using wireless LANs have deployed four distinct forms of security: open access (no security), basic security, enhanced security, and specialized security. The primary reason some enterprise installations have no security is that, in accordance with IEEE specifications, systems ship by default with basic encryption disabled, and companies are not turning it on. Even when these features—called Wired Equivalent Privacy (WEP)—are activated, though, the static nature of the WEP encryption key still leaves companies at risk. Static encryption keys rarely change, leaving hackers plenty of time to decode them.

The Cisco Wireless Security Suite enables both enhanced and specialized security to overcome static WEP vulnerabilities for enterprise-class protection. Within the enterprise, enhanced security is recommended, while specialized security in the form of a VPN based on the IP Security (IPSec) standard is appropriate for users on the road.

For enhanced security within the enterprise, Cisco has expanded the industry-standard Extensible Authentication Protocol (EAP), which fits into the IEEE 802.1x-standard authentication framework, to create an authentication algorithm called EAP Cisco Wireless (also called “Cisco LEAP”), which enables per-user, per-session authentication. Cisco products also support dynamic encryption keys and a pre-standard version of Temporal Key Integrity Protocol (TKIP), which adds per-packet keying, fast rekeying, and message integrity checks security. Together, these make sessions nearly impossible to hack.

To guard against wireless-initiated denial-of-service attacks, EAP Cisco Wireless supports mutual authentication. “In addition to the user being authenticated, the access point to which the client is connecting must also be authenticated,” explains Pejman Roshan, a Cisco technical marketing engineer. “This prevents unauthorized access points from being set up inside buildings, from which someone could launch denial-of-service attacks onto a corporate Web server.”


ON THE ROAD: PUBLIC LAN SERVICES

Users who spend a substantial amount of time on the road have an increasing array of connectivity options. As mentioned, the availability of wireless LAN services for high-bandwidth access to the Internet is proliferating in airports, convention centers, public hotel areas, restaurants, and coffee shops. Wired Ethernet connections are also becoming available in hotel rooms and other locations.

The property owners or service providers supplying these services to enterprise users can deploy them using infrastructure equipment made by Cisco. For example, hotels can run Cisco switches that support Cisco Ethernet technology to support multimegabit-speed connections to guest rooms wired with older Category 1/2/3 telephone wiring. Similarly, Cisco wireless access points can be installed in public venues to enable open-access wireless LAN connectivity to the Internet.

All traveling business users need to use these services are the appropriate client adapters in their portable computers to access these wired or wireless networks. As mentioned, VPN client software is also highly recommended for security.

What about handheld devices? Presenting content on small displays necessitates a transformation function to reformat the HTML and XML content residing on corporate Web servers that has been tuned to desktop-sized displays. In addition to performing markup language translation (such as HTML to WML), it is important to deliver the right subset of data to the requesting device. The Cisco CTE 1400 Series Content Transformation Engine, for example, front-ends Web servers to transform content for display on a variety of mobile devices using default or customized rules.


SECURITY ON THE ROAD

When users connect to their corporate networks from the road, IPSec VPNs protect against hacker attacks on remote-access connections. IPSec VPNs have two components: client software that resides on the user’s mobile computer and a security gateway at the corporate site, such as the Cisco VPN 3000 Concentrator. Encrypted tunnels run between the client and the gateway, which terminates the tunnels and decrypts data.

For public wireless LAN services, VPNs are especially encouraged. Access points in these locations generally run with their vendor-specific security mechanisms disabled to encourage open access by all potential users. Since the radio signal does not have any physical security associated with it, strong encryption on the wireless access network, supplied by the client VPN software, prevents hackers from stealing data out of the air.


AT HOME: BROADBAND ACCESS

The mobility component of business resilience includes corporate teleworking programs, which let employees work productively from home. According to a 2000 survey by Kinetic Workplace, U.S. companies with teleworking programs saved approximately $12,000 a year per teleworker and also reduced real estate costs by as much as 60%.

Workers at home require secure, high-speed connections to corporate networks. Sometimes the access services available in the various employee locations differ, so a company might need to support a mix of ISDN, DSL, cable modem and other broadband connections.

Cisco has a variety of broadband access products for at-home workers. For example, the Cisco 806 Broadband Gateway Router connects to any type of high-speed access connection through an Ethernet WAN port. So while an organization may not be able to standardize on the type of broadband network service used by its teleworkers, it can standardize on a single equipment platform.


SECURITY AT HOME

IPSec VPNs again come into play for securing connections from the user’s home site across the untrusted public Internet to the corporate VPN gateway. There are several equipment options for teleworker security; the choice often depends on the equipment available from the service provider.

The Cisco 827 Router, for example, has built-in security, including stateful-inspection firewall capabilities and VPN support with IPSec 3DES encryption. There are other security options as well, including the Cisco 501 Firewall and the VPN 3002 Hardware Client. To ease the administration of corporate teleworking programs, central staff can use special software that distributes predefined security policies out to large numbers of Cisco 800 Series routers and security appliances.


EMPOWERING THE ENTERPRISE WITH MOBILITY

Because of the enhanced capabilities now available for securing connections across untrusted wireless networks and the public Internet, enterprises can embrace mobility as a key component of their business resilience strategies. This empowers companies to keep business processes going when users are away from a traditional office workspace with a wired connection to the corporate network. Employees who can get connected both within and outside the corporate walls are employees who stay productive and, as a result, increase their companies’ competitive power.


ENTERPRISE MOBILITY SOLUTIONS FROM CISCO

At Work

Cisco Aironet 1200 Series Access Point: Dual-mode 802.11a/802.11b radio that provides wireless access to the corporate network

Cisco Aironet Client Adapter Card: Wireless LAN interface card that secures connections using the Cisco Wireless Security Suite

Cisco Access Control Server: A RADIUS authentication server that supports Cisco LEAP security protocols

On the Road

Cisco IPSec VPN Client Software and VPN 3000 Concentrator: Together, establish secure “tunnels” for remote access using DES or 3DES encryption algorithms

Cisco Aironet Client Adapter Card: Wireless LAN interface card. When used with public network services, security is achieved using specialized IPSec VPN technology (see above).

Cisco CTE 1400 Series Content Transformation Engine: Dynamically transforms Web content so that it is properly displayed on the small screens of handheld devices

At Home

Cisco 800 Series Routers: Connect users to broadband Internet services for access to corporate resources. Some support integrated stateful firewall and IPSec capabilities.

Cisco PIX 501 Firewall: Security appliance that provides up to 10 Mbps of firewall throughput and 3 Mbps of 3DES throughput

Cisco VPN 3002 Hardware Client: Provides secure connections to a VPN 3000 Concentrator at a central site using IPSec tunnels
LOCK THE DOOR was state-of-the-art security for data centers years ago. Programs were run in batch mode with no remote terminals, so the greatest risk to data security was that a mainframe printout might be retrieved from a trash bin. And disaster recovery largely consisted of making sure that, should there be a power outage, reels of tape were carefully removed from tape drives; the tapes could be damaged if the power suddenly came back on.

That was the last time security would be simple.

MIT were demonstrating their experimental Compatible Time-Sharing System, which allowed four users working at terminals to run programs at the same time. Time-sharing meant users could intentionally interfere with other users’ programs and by the late 1960s, terminals connected by modem meant that an outsider could learn a password and log in. But there was little risk of that at first, since a remote terminal cost as much as a new car.

Mainframes and minicomputers offered little protection against malicious behavior by internal users. Prank programs that created copies of themselves on a computer until it crashed, and “trapdoor” codes that gave one user access work, were in use by 1972. The first desktop computers hit the market in 1975, and, along with rapidly falling prices for modems, they helped set the stage for what would later become an epidemic of hacking aimed at corporate systems.

1965: Cars try to leave New York during the Northeast blackout, the first major regional disaster affecting corporate data centers.

KNOWLEDGE CENTER SECURITY

The Stor

copes with trapdoors, worms, Russian hackers and Hurricane Hugo. Frank Hayes

Encryption was the way to protect data from prying eyes as it moved through modems or networks. In 1976, the U.S. government officially approved its Data Encryption Standard (DES), which became widely used for financial information sent electronically. That same year, three researchers, Ronald Rivest, Adi Shamir and Leonard Adleman, developed a practical version of public-key encryption, which had been invented in 1976 by Whitfield Diffie and Martin Hellman as a way to easily encrypt communications of all kinds.

1976: Whitfield Diffie and Martin Hellman invent public-key cryptography.

1980: Comdisco gets into the disaster recovery business.

1988: Software vendors offer first antivirus products.

But encryption couldn’t solve all security problems. In 1982, the first computer virus was infecting Apple computers. IBM PCs had viruses of their own by 1986; commercial antivirus software was available by 1988.

And hostile hackers learned to use the Internet. In 1986, astronomer Clifford Stoll tracked down a 75-cent accounting discrepancy and helped catch five German hackers who had broken into 450 computers. Other hacker hunters were at work too but there were far more hackers.


Preparing for Disaster 

The Internet had problems of its own. In Nov. 1988, Cornell University student Robert Morris released a “worm” program onto the Internet that infected 6,000 host computers (10% of all Internet hosts) and crippled the Net for days.

Meanwhile, disaster recovery had come into its own. By 1980, Comdisco Inc. and other companies had begun providing disaster recovery services. By the end of the decade, more than 40% of businesses had disaster recovery plans. And they needed them, what with Hurricane Hugo and the San Francisco earthquake in 1989, flooding in underground tunnels in Chicago and Hurricane Andrew in 1992, the bombing of New York’s World Trade Center in 1993, and another big quake in Los Angeles in 1994, along with a steady stream of smaller catastrophes that threatened ever more business-critical shops.

Mother Nature wasn’t the only threat, as some hackers became ambitious cybercrooks. In 1994, a group of Russian hackers siphoned $10 million from customer accounts at Citibank; they were caught the next year. Other hackers attacked Internet businesses to steal credit card and Social Security numbers.

Encryption was under attack too, by its supporters. In June 1997, a project called Deschall linked tens of thousands of computers on the Internet to crack the 20-year-old DES algorithm in days. Less than a year later, the Electronic Frontier Foundation used a custom, $250,000 computer to crack DES in only hours. The U.S. government began to relax restrictions on exporting stronger encryption systems and officially approved its Advanced Encryption Standard in May 2002.

In the aftermath of the Sept. 11 attacks, security is a bigger issue for IT than ever before, with new efforts to protect systems and close software holes and to use technology to track down terrorists.

And now, with the 


1982: First computer virus in the wild infects Apple computers.

1988: Robert Morris releases his “worm” program, which infects 10% of the Internet and cripples it for days.

1991: Philip Zimmermann releases his free Pretty Good Privacy public-key encryption system.

1994: Russian hackers steal $10 million from Citibank accounts.

1997: DES encryption cracked in days.

2000: First denial-of-service attacks cripple Web servers.
steps
cutting costs 
and counting 

Deborah 


LIKE A LOT of other security professionals these days, Mike Hager, security chief at OppenheimerFunds Distributor Inc. in New York, is under excruciating pressure to provide top-notch protection of data, ensure privacy and manage user access, all on a drum-tight budget. He also needs to justify all project costs and results to top management.

Knowing this, Hager says he doesn’t try to sell a security project unless he can first explain its value in terms the business side understands. The best method is to show a reduced cost of administering security, which managers say is the only way to demonstrate a return on security spending.

“Show me the money” is something of a new commandment for security professionals long accustomed to concerning themselves more with passwords than with payback projections. But fortunately, there are proven steps that security managers can take to get their networks and systems ready for future security investments that could yield a positive return. There’s also a spate of new products aimed at reducing security overhead costs. Using the two together, there’s hope for beleaguered security professionals seeking to quantify the positive results of their work and show where and how it adds value to the business.


Know your business. “You can get value from security programs if you map your technical measures to your business needs,” says Steve Hunt, an analyst at Giga Information Group Inc. in Cambridge, Mass. But, he adds, “unfortunately, over 30% of all security spending is poorly focused and ineffective by best-practices criteria.”

Mail servers are a prime example, Hunt says. “If the mail server goes down, the response team goes to Defcon, the highest and most expensive security response,” he explains. “But in many cases, the business manager says ‘Ho-hum, maybe now I can get some real work

The lesson: Know what’s critical to the business and adjust security accordingly. “If you’ve got systems that are really critical to a business process, or you know where your most proprietary secrets are, then you know where to prioritize [security] money and allocations,” says Charles Neal, vice president of managed security services at Exodus, a Cable & Wireless Internet Services Inc. company in New York. “For other systems, it may not be a catastrophe if someone broke in, so you spend less.”
Sensitivity Analysis

ROI increases when security is designed into systems, rather than added later.

FACTORS / COST SAVINGS IN CONSTANT DOLLARS

Fixing one additional moderate security defect
Increased defect-fix efficiency (10% less effort): 47%
Accelerated development cycle (10% faster)
Code quality (one additional security defect)
Shorter patch release periods (10% shorter)

SOURCE: @STAKE INC., CAMBRIDGE, MASS.


Form alliances. Locating risk-sensitive data and systems also means building alliances with business managers. Motorola Inc. in Schaumburg, Ill., does this by placing a security officer in each of the company’s six business units to represent the business requirements to the team and vice versa. “The job of our business unit security officers is to adapt, refine and deal with the implications that support the critical priorities of the business, while following our corporate policies and standards for enterprise-level technologies,” says Chief Information Security Officer Bill Boni.


Set standards. By blending business requirements with best practices, the security team can establish rules-based security standards for operating systems and platforms. This way, organizations can better target security spending, including training dollars, for secure systems administration, says Boni. These operational standards should include specific instructions for where and what to patch, which services to disable or leave on, which operating systems to harden, which types of systems to allow on the network, and where to implement additional security capabilities, such as row-level encryption or public-key infrastructure.

Standards-setting is especially important in mergers. “We’re taking the best policies and standards for each company and coming up with new policies, and then setting operational security standards as part of the auto-build procedures for each new system that gets deployed,” says Pat Hymes, manager of corporate information security engineering at Wachovia Corp., a Charlotte, N.C.-based financial services firm that merged with First Union Corp. in September.


Bake-in security. Standardizing security rules can reduce the cost of providing secure configurations to other departments, Hymes notes, because it requires groups to “bake-in security products and processes at the onset, rather than repair after the fact.”

In May, the Hoover Project, a research arm of @Stake Inc., a Cambridge, Mass.-based security company, released the results of a quantitative study that rated the cost savings of pre-engineered security against postdeployment security repairs. Forty-five homegrown and commercial applications were tested (see charts). “If you build security in during the design phase of your applications, you can reduce your risk by 80% and achieve rework savings of 21%,” says Andrew Jaquith, Hoover’s program director.


Assess, benchmark, and then count the savings. Knowing whether established standards are being met is where the process can become more technical. Consider Motorola’s ambitious goal of aligning standard build features with audit compliance. Boni is automating this task with the help of a vulnerability scanning tool called FoundScan from Foundstone Inc. in Mission Viejo, Calif. Like many assessment tools, FoundScan reports on the state of security throughout the network and sends alerts when something falls out of specification.

For benchmarking, the best type of assessment products or services would be those that adapt to the corporation’s own security standards, send notification when corporate policy has been violated and provide audit reports that can be used to show security effectiveness. Corporate boards and regulators are beginning to require all three, according to Michael Ressler, director of security services at Predictive Systems Inc., a network security consulting company in New York.

Measuring

Cost savings increase the earlier security is addressed in the development cycle.

PHASE / COST SAVINGS

Design
15%
Testing: 12%

SOURCE: @STAKE INC., CAMBRIDGE, MASS.

Since assessing the network manually with internal staff is financially prohibitive, the products are easily cost-justifiable. For example, John Shields, senior vice president of e-business at Patelco Credit Union in San Francisco, says IP360, a tool from nCircle Network Security Inc. in San Francisco, costs him $50,000 per year. That’s $100,000 less than he would have spent on the manpower to do the same tasks. And Motorola is paying tens of thousands of dollars per year instead of millions for its perimeter assessments alone, says Boni.

But technology doesn’t fully gauge the effectiveness of policies as they pertain to people and processes. For this reason, Giga has launched an assessment service called the Security Action ReportCard, which is suitable only for large organizations. The Giga service goes beyond technical assessment programs to assess people and processes, compare them to industry best practices, and map security measures to business requirements to help achieve better cost-effectiveness.


Don’t go it alone. There are many other vendor services coming to market to help managers reduce administrative overhead for current security processes. For example, managed security services provided by outsourcers are saving some midsize companies 80% of what it would cost to monitor security events in-house. New forms of middleware are also springing up to consolidate security report information from intrusion-detection, antivirus and firewall sensors to offer better response and correlation. And larger vendors, such as Cupertino, Calif.-based Symantec Corp., are cobbling together suites with central management interfaces.

The bottom line: “The reality of business is budget,” says Gartner Inc. analyst John Pescatore. And that goes for security as well.

“Security has to help the company make more money by supporting business processes, instead of just preventing bad things that could happen,” Pescatore says. “So good security officers usually have good security organizations, even if they’re spending less than industry average.”


Software makes fixes easier, but identifying what needs patching is still a costly hassle.

Stacy Collett


EVERY MORNING, Mark Bialik diligently scans vendor and security Web sites looking for the latest patches for Infinity HealthCare’s many Microsoft Office, Web server and Windows NT-based applications.

On a good day, it takes two hours to conclude that no new patches have been issued. On a not-so-good day, Bialik spends four hours figuring out if he’s running the affected software. In the worst case, such as when the Code Red worm hit last July, Bialik’s day is consumed installing patches for servers and hundreds of PCs. “I remember a time when I spent three or four days straight doing nothing but patches,” says Bialik, network and security manager at the Mequon, Wis.-based health care provider.

These days, new security software makes it easier to distribute and test patches. But finding a fast and reliable way to identify new patches and prioritize installation remains elusive and costly.

Companies spend more than billion annually on patch research and deployment, according to Aberdeen Group Inc. in Boston. Meanwhile, the pressure to find and install every patch is increasing as companies heighten security and focus on intrusion detection and managed vulnerability scanning.

has done, how can systems administrators and security managers make patch management more manageable? Security software vendors, end users and analysts offer the following three tips:


Develop a ‘Patch Network’


Security software products can help streamline the process of finding patches by offering links to vendor sites. But vendors have come under scrutiny for not releasing patches fast enough for their users. Problems and patches can be more quickly identified by establishing a network of peers in multiple organizations, such as former colleagues or people at like-minded institutions, says Eric Hemmendinger, an Aberdeen Group analyst. “They may be your best resource,” he adds.

Security portals such as Sans.org and Incidents.org also provide a front line for identifying patches and fixes. “Find good, reliable places that gather the data for you, and make a habit of reading them daily,” Bialik says.


Buy Time by Prioritizing

Before rushing to install every patch that comes along, prioritize installations according to their impact on the organization. merce application should take priority over one on a platform that’s fairly well hidden from the Internet, for instance. When a high-priority vulnerability is identified, security managers are finding that multilayered security software, which is located at the firewall as well as at the lowest level of the network stack, can temporarily plug the hole until a permanent patch is installed.


VENDOR PATCHWORK

When it comes to a complete product for patch management, no single vendor meets all the needs of most IT buyers.
QuickLink: 30913
www.computerworld.com


DO establish a network of peers outside your organization to help identify and find patches.

DO prioritize installations according to their impact on your organization.

DO invest in security software that keeps a log of patches installed on each PC and server.

DON'T rely on quick fixes offered on hackers’ sites.

DON'T install patches without first testing them in a development environment.

“Customers recognized this benefit before we did,” acknowledges Jon Greene, senior vice president at Security Solutions Inc. in Waltham, Mass., which sells a line of software security products. “If the intrusion can be detected, we can identify and stop it. That buys them time to assess the appropriate patches that need to be deployed.”

No matter how critical the patch may be, don’t rely on fixes offered on hackers’ Web sites; they can’t be trusted. Bialik offers this advice instead: “If you can get by without running that particular application for the time being until the fix is out, turn it off!”


Evaluate Before You Patch 


To save yourself time and legwork, invest in security software that keeps a log of patches installed on each PC and server. The software can also check to make sure patches are working and will rank the vulnerability of each application.

Klipsch Audio Technologies uses San Diego-based St. Bernard Software Inc.’s Update Expert to identify servers and PCs that need patches, scheduling upgrades after business hours. “Something that would’ve taken six people four hours to do, I can set up in minutes and not have to worry about it,” says Mike Fulton, network manager at the Indianapolis-based audio systems manufacturer.

Another tip: Test the patch first in a development environment to make sure it won’t create new problems with the rest of the system. Companies that don’t have the luxury of a complete test environment can develop a scaled-down version with at least a copy of the operating system running the applications in production.

And finally, beware of the pitfalls of patch-management software. Users report confusion over which security patch service packs work with different software versions. They also tell of technical support staffers who refused to help with a patch because their companies weren’t running the latest version of the vendor’s software. Other users say some scanning software can give false positives on uninfected machines.


Collett is a freelance writer in Sterling, Va.
The USA PATRIOT Act now presents everyone with an enormous information integration challenge. The experts agree that manual review processes for your customers and their financial transactions will no longer suffice. Non-compliance is not an option. The only question facing you is: who should you engage as your partner in implementing a solution?


THE SYBASE APPROACH 


Our approach leverages the knowledge and 
capabilities we've developed over nearly 
years managing information, application 
and process integration. 


The Sybase PATRIOTcompliance Solution helps you satisfy the integration requirements of the USA PATRIOT Act by implementing a totally automated process for filtering your customers, employees and suppliers against known suspects, and for continuously monitoring their activities. Our solution is operationally unobtrusive, secure and cost-effective.


THE FIRST STEP 


Our first step Business Requirements 
Assessment that helps determine your 
unique needs. 


work with you understand your front 
and back office infrastructure. embrace 
the technologies and product standardization 
your environment. extend the Anti- 


The Software 


Company 


can help you integrate the 
disparate data and business applications 
running your enterprise and extend 
them to any location in the world: 
platforms, application servers, 
components, databases, applications, 
processes, integration brokers, even 
mobile/wireless solutions. choosing 
Sybase, you can preserve and extend 
your existing infrastructure investments, 
avoid proprietary traps, and improve 
efficiency across the enterprise. 


THE STRAIGHT GOODS SOFTWARE INTEGRATION. 


and array adapters SWIFT, Flat 

Files, database, CICS, and others) for accessing 
and presenting demographic and transaction 
information from your core systems. 


Money Laundering and Bank Secrecy Act 
investments you've already made. 
make our solution work for your people. 


Having tuned our PATRIOTcompliance 
Solution your environment, implement, 
rigorously test (to the very exacting standards 
Certification) and deploy the solution. 


SYBASE PATRIOTcompliance SOLUTION 


BPI Suite comprehensive set tools 
enable you rapidly build, manage, monitor 
and improve complex business processes. 
also speeds the development Web services, 


[Diagram labels: Business Process Management / Activity Monitoring / Integration Tools; Enterprise Portal / Application Server; Detection System]


Simultaneously, are training your key 
users and administrators. when our work 
done, yours can on. 


you can quickly connect applications 
other agencies other financial institutions. 


Get complete solution that require 
you start from scratch. have the 
tools and skills have you compliance 
before October. And who could have 
issue with that? 


THE END LOOKS LIKE THIS 


Every solution will obviously unique. 
But typically, you'll find secure front-end 
employing the Sybase Enterprise Portal, with 
pre-built capabilities for list, filter and rules 
management, searches across applications 
and data stores, internal and external 
communications, management the 
investigation process, maintenance 
search and investigation histories and, 
course, reporting and presentations. 


can help you get started right away 
www.sybase.com/integrationsolutions. 


SYBASE 


Information Anywhere 


Tying everything together the Sybase 
Business Process Integrator (BPI) Suite 


The USA PATRIOT Act contains strong measures to prevent, detect and prosecute terrorism and international money laundering, greatly expanding the breadth and depth of the old laws. Broadly stated, the act requires that financial institutions know their customers and, to the greatest extent possible, their customers’ customers. Compliance for bankers and securities dealers is required by October 2002. Non-compliance could involve civil and criminal penalties.


©2002 Sybase, Inc. All rights reserved. All trademarks are the property of their respective owners.


BETTER WHEN EVERYTHING WORKS 




A COMPUTER INCIDENT response team, or CIRT, is a lot like a firefighting crew: both are composed of individuals trained to respond quickly to specific incidents with the goal of limiting damage and reducing recovery time and costs.

“Like a fire department, you can use it for actual incident response and for cleanup, for education and for drills,” says Richard Mogull, an analyst at GartnerG2 in Stamford, Conn.


hacker attacks, internal sabotage or even suspicious activity, such as successive attempts to gain access to a system or transactions that fall outside preset boundaries such as a money transfer exceeding million.

Incident response at companies that don’t have a CIRT tends to be expensive and ad hoc, says Steve Romig, manager of the network security group at Ohio State University in Columbus.

And there’s more than money on the line. Companies that fail to react quickly to security incidents stand to suffer damage to their reputations and lose customers.


With money and reputation on the line, an incident response team must be speedy and organized.

Jaikumar Vijayan


KNOWLEDGE CENTER

A CIRT’s key mission, therefore, is to orchestrate a speedy and organized companywide response to computer threats. The following are some tips for building that capability:


KNOW YOUR CONSTITUENCY Decide which computers, address ranges and domains will be monitored for incidents, says Romig. Know what services the CIRT will provide and to whom. Develop policies for when to disclose security breaches and when to report an incident to law enforcement agencies, Romig says. And be sure to advertise contact information for the CIRT throughout the company, he adds.


ASSEMBLE THE TEAM Figure out which department the CIRT should be in and who should head it. Many companies put the team within the IT group, although others add the CIRT to the security or audit group, or make it a stand-alone function, says Georgia Kilcrece, a member of the CERT Coordination Center at Carnegie Mellon University in Pittsburgh.

“Wherever it sits, it will not succeed without management support,” she says, because the team may require cooperation among multiple departments, such as legal and human resources.

The incident response team at the University of Wisconsin-Madison has a process for calling in its legal department and local law enforcement when incidents involve activities such as computer-related harassment, says Kim Milford, information security manager at the university.

Companies that can afford it sometimes maintain a formal team of specialists whose sole task is to respond to external and internal security breaches.

For example, one financial services firm has a core incident response team of full-time specialists. Additional members are pulled from the company’s human resources and legal departments to assist this core team as necessary, says the company’s director, who requested anonymity.
The University of Wisconsin-Madison has entrusted the task of coordinating incident response to one full-time worker. That person acts as a central point of contact for reporting and responding to incidents. Along with the university’s security group, the employee is responsible for assessing the scope, priority and threat level of an incident, as well as for suggesting a response, Milford says.


CREATE A SWAT TEAM Maintaining a full-time incident response team can be expensive, so many companies choose to have an ad hoc incident response team that can come together quickly when needed, says Mogull.

Providence Health System creates SWAT teams to respond to specific incidents, such as virus infections, says David Rymal, director of technology at the Seattle-based health care provider.

“We use pager alerts and call an incident response meeting of the functional groups designated to respond to such incidents. In that meeting, we set a plan of action and a communication plan” for dealing with the threat, Rymal explains.

But, he adds, Providence Health System doesn’t have formal methods of maintaining a CIRT beyond knowing the key players and who responds to which types of incidents.


GET ORGANIZED Have written policies and procedures and assign responsibilities upfront, says the financial services firm’s director. “We maintain a formal list with names, cell phone numbers and beeper [numbers] of people who can be called to assist the core team,” the director says.

Figure out what equipment you’ll need, where to house it and how to protect the CIRT function. You don’t want unauthorized people accessing information that a CIRT may uncover during a response, Kilcrece says.

None of this does any good if the plan merely sits on a shelf. Conduct frequent drills and mock exercises, especially for ad hoc teams, the financial services director says, adding, “Remember, it’s a process that you have to get right but hope you never have to use.”
Forensics is neither pro-prosecution nor pro-defense; it’s the pursuit of the truth.

MORGAN WRIGHT, SENIOR INFORMATION SECURITY SPECIALIST AT UNISYS CORP.


KNOWLEDGE CENTER 
corporate earnings statements or the unwitting loss of valuable trade secrets or customer data. It could be a string of sexual harassment allegations all pointing to one senior manager. Or it could be improper Internet usage that forces you to terminate an employee, who then sues for wrongful dismissal.

Whatever the cause, these potentially disastrous scenarios can be solved or proven only with the help of professionals with the right set of skills to investigate computer crimes.

Once thought to be the exclusive realm of violent-crime experts, forensics is fast becoming a mandatory skills set for companies that need to show that computer crimes don’t go unsolved or unpunished. It’s the painstaking and methodical sifting of data with one goal in mind: to gather evidence that will stand up in court. Here are some tips from the experts to make sure you win your case.


Lay the Legal Groundwork 
Computer forensics is the identification, extraction, preservation and documentation of computer evidence that will stand up to legal challenges about its authenticity, accuracy and integrity.


Mistakes by IT staff could taint evidence and a court case. Dan Verton


the Pros 
Forensics for
The Rest

What nonexperts should do first in a computer crime investigation:

isolate the target system. Bring in legal support, and determine the scope of the investigation.

power boot the system.

obtain copies of backup tapes from the local and regional departments within your company. Bag, tag and secure them.

preserve the evidentiary value by bagging and tagging all hardware, storing it in a vault or secure area and keeping a log of access to evidence.


system with the goal of determining whether a crime has been committed and by whom and later proving it.
“Computer forensics is a process or methodology to discover or refute an area of inquiry,” says Morgan Wright, senior information security specialist at Unisys Corp. in Blue Bell, Pa., and a board member of the International Association of Computer Investigative Specialists in Donahue, Iowa.
Computer forensics is knowing, for example, that your company’s trade secrets have been leaked to a rival and then proving or disproving that the employee you suspect of committing the breach is responsible. “Once you understand what the objective is, that’s when you start your forensic investigation,” says Wright. “Forensics is neither pro-prosecution nor pro-defense; it’s the pursuit of the truth.”


Hire Trained Investigators

Wright says the key difference between standard employee monitoring and a forensics investigation is the goal of preserving evidence that will stand up to legal challenges in court. He cites an acceptable-use violation, which might include looking into the user’s history and proxy servers.

“On the other hand, let’s say that same employee downloaded child pornography. Now, a system administrator who is not trained in forensics can accidentally trample over a lot of key evidence,” says Wright.

The most common mistake that companies make when it comes to computer forensics is thinking that their own systems administrators are capable of conducting a professional forensics investigation, says Thomas Aleman, national leader of analytic and forensic technology at Deloitte & Touche LLP’s Computer Forensic and Investigative Services Group.

“The IT department is typically not trained and doesn’t have the appropriate tools,” says Aleman. “They turn on the machine under investigation, and as happens when machines are powered on, critical data starts changing.”

In fact, Aleman recalls a case where the IT department of a large manufacturing firm was called in to recover data from the computer of a terminated employee who claimed to have been wrongfully dismissed. The administrators first turned on the suspect’s computer. “The reality was that critical files had changed. And from a prosecution standpoint, the terminated employee was then in a position to argue that incriminating data was not on his system when he left,” he says.

Aleman says other aspects of forensics investigations could trip up typical administrators. For example, local administrators in branch offices aren’t always aware of the regional data backup schedules of larger companies, he says. That could pose a problem if defense lawyers question them about the version and timeliness of the data they’re presenting in court.

Such oversights could seem minor to most IT managers, but they can mean the difference between a successful prosecution (or defense) in court and watching your case unravel, says Matt Yarbrough, a former assistant U.S. attorney who spearheaded the formation of the North Texas Regional Computer Forensic Laboratory, the largest of its kind in the U.S. Of the economic espionage cases brought by his office, only one made it to court, Yarbrough says. The rest were undermined by tainted forensic evidence.

“As a prosecutor, there’s nothing worse than a company that sponsors its own evidence in court,” says Yarbrough, who is now an attorney at Fish & Richardson in Dallas.

“Being a super system administrator doesn’t make you a forensics evidence expert capable of bringing evidence into the courtroom.”


FORENSICS RESOURCES 


Assisting in a forensics investigation can be a 
complicated business, but there are resources 
available to help. 


QuickLink: 30849 
www.computerworld.com 


Tricks of the Trade

What the experts do first in a computer crime investigation:

SET UP LUNCHBOXES

According to Matt Yarbrough, a former assistant U.S. attorney, forensics experts use special computers plugged into the system that allow investigators to examine a machine without turning on its power and booting from the drive. A lunchbox creates a bit-by-bit, sector-by-sector mirror of the machine. It then produces reports that are generated by one of several software packages used by law enforcement agencies such as the FBI.


COPY SLACK SPACE

“Copying both active and unallocated space, called slack space, is also critical,” says Kristin Nimsger, associate legal counsel and electronic discovery consultant at Eden Prairie, Minn.-based Ontrack Data International Inc. This is important because deleted files are never really deleted; they are merely stored in slack space.

RECORD THE CHAIN OF CUSTODY

Nimsger also recommends creating an electronic log to record access to the original copy of the drive. This protects the chain of custody of the evidence. And before any analysis is conducted, she advises defining the scope of the investigation so as not to stumble into any privacy violations.


ISOLATE THE SUSPECT SYSTEM

Forensics investigations, especially ones that will produce admissible evidence, don’t end after a copy of the hard drive is made. It’s critical that the suspect system be locked down and isolated immediately, says Yarbrough.

Once an image of the hard drive has been captured, the hard drive should be bagged and tagged, or placed in a container in a secure evidence vault with a seal properly labeled and dated to show that it hasn’t been tampered with. All analysis should be conducted on the copies only.

At the end of the day, it all comes down to convincing a judge that the data you are presenting in court is in fact what you say it is, says Yarbrough.


CREATE A TASK LIST

A thorough investigation can take anywhere from hours, says Morgan Wright, a senior information security specialist at Unisys Corp. “Therefore, it’s important to have a checklist and conduct every step as if it’s going to end up in court,” he says.

USE AUTOMATION TOOLS ONLY TO SUPPLEMENT EXPERTISE

There are many automated tools to help with an investigation. They include Symantec Corp.'s Norton Disk Edit, AccessData Corp.'s Forensic Tool Kit, Guidance Software Inc.’s Encase and Raytheon Co.'s Silent Runner. But, Wright warns, “you should not be using automation to [make up for] a lack of experience.”

Dan Verton 
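The imaging, copies-only analysis and access-log steps in the sidebar above can be tied together with cryptographic hashes, so that a later reader can check both the working copy and the log itself. This is an added example, not part of the original article: the use of SHA-256, the hash-chained log format and every name and sample value in it are assumptions made for illustration.

```python
import hashlib
import io
import json

GENESIS = "0" * 64  # previous-hash value used by the first log entry


def hash_stream(stream, chunk_size=1 << 20):
    """SHA-256 of a file-like object, read in chunks so large images fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def _entry_digest(body):
    # Canonical JSON (sorted keys) so the same entry always hashes the same way.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode("utf-8")).hexdigest()


class CustodyLog:
    """Append-only access log; each entry commits to the entry before it."""

    def __init__(self, evidence_id, original_sha256):
        self.evidence_id = evidence_id
        self.original_sha256 = original_sha256
        self.entries = []

    def record(self, when, who, action):
        prev_hash = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {
            "evidence_id": self.evidence_id,
            "original_sha256": self.original_sha256,
            "when": when,
            "who": who,
            "action": action,
            "prev_hash": prev_hash,
        }
        entry = dict(body, entry_hash=_entry_digest(body))
        self.entries.append(entry)
        return entry

    def first_bad_entry(self):
        """Index of the first altered or out-of-order entry, or -1 if the chain is intact."""
        prev_hash = GENESIS
        for index, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["prev_hash"] != prev_hash or _entry_digest(body) != entry["entry_hash"]:
                return index
            prev_hash = entry["entry_hash"]
        return -1


def working_copy_is_faithful(log, copy_stream):
    """True if the copy under analysis still hashes to the value recorded at imaging time."""
    return hash_stream(copy_stream) == log.original_sha256


# Constructed stand-in for a drive image (16 KB of patterned bytes).
ORIGINAL_IMAGE = bytes(range(256)) * 64


def sample_copy(flip_byte_at=None):
    """Working copy of the constructed image, optionally with one bit changed."""
    data = bytearray(ORIGINAL_IMAGE)
    if flip_byte_at is not None:
        data[flip_byte_at] ^= 0x01
    return io.BytesIO(bytes(data))


def build_sample_log():
    """Constructed log: hypothetical evidence id, people and timestamps."""
    log = CustodyLog("CASE-0001-HDD1", hash_stream(io.BytesIO(ORIGINAL_IMAGE)))
    log.record("2002-07-01T09:15Z", "examiner A", "imaged drive, sealed original in vault")
    log.record("2002-07-01T10:02Z", "examiner A", "made working copy for analysis")
    log.record("2002-07-02T14:30Z", "examiner B", "opened working copy, read-only")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("copy faithful:", working_copy_is_faithful(log, sample_copy()))
    print("copy with one flipped bit:", working_copy_is_faithful(log, sample_copy(100)))
    print("first bad log entry:", log.first_bad_entry())
```

A single changed bit in the working copy, or a single edited field in an earlier log entry, is enough to make the corresponding check fail.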




Watch Out For Wireless Rogues

Employees are bringing unsecured wireless access points in through the back door. Here’s how to fight back. By Bob Brewin

TWENTY YEARS AGO, employees started sneaking PCs into the office, under the radar of mainframe-oriented IT departments.

Now, tens of thousands of unauthorized wireless LAN hardware devices called access points (AP) have popped up in enterprise networks nationwide, according to analysts, vendors and users. The majority of these rogue APs are being brought in through the back door without the IT unit’s knowledge. They’re installed by employees who crave mobility and don’t mind spending $200 or less for a wireless AP.

“It’s a classic example of technology bypassing corporate IT,” says Dave Bray, director of network technology at ADC Telecommunications Inc. in Eden Prairie, Minn. But the proliferation of unauthorized APs is a far more serious threat than the stand-alone PCs that were brought in years ago, he says.

These industry-standard Wi-Fi devices are plugged directly into an enterprise network, often behind a firewall. They transmit sensitive data that can easily be picked up by a snoop using freeware hacking tools and a $99 wireless LAN card while sitting in an office parking lot.

Sophisticated hackers don’t even need to be near the premises to pick up a signal. Using long-range antennas, either commercial products or home-brew devices crafted from, say, Pringles potato-chip cans or coffee cans, they can pick up signals from 1,000 to 2,000 feet away.

These serious hackers could be exploiting what analysts call “malicious” APs that are secretly installed on an Ethernet network by people who have easy access to property, such as maintenance personnel. Thor Sigvaldson, director of the advanced technology group at PwC Consulting in New York, says it’s an easy form of industrial espionage. “You just stick one [wireless AP] into a network. It doesn’t even need maintenance,” he says.

Sigvaldson estimates that any U.S. enterprise, branch office, plant or store with more than employees probably has one or more rogue APs.

WIRELESS LAN SECURITY

Learn about three products for detecting rogue wireless LAN APs.

QuickLink: 30856
www.computerworld.com

Bray says IT managers should adopt policies that welcome the wireless LAN technology but protect networks at the same time.

“We don’t want to inhibit the tech- secure fashion,” he says. “We now have a policy against installing wireless without corporate approval.”

IT managers also have to engage in a time-consuming wireless “discovery process” to hunt down unauthorized installations, says Bray.

ADC initially sent IT staffers to walk around the company’s 100-plus facilities worldwide with wireless LAN-equipped laptops and “sniffer” software to detect rogue APs. The staffers found an unspecified number of rogue APs in manufacturing facilities, but none in office operations, Bray says.

Vendors take various approaches to automating this process. AirDefense Inc. in Alpharetta, Ga., provides a suite of tools that make it easy to pinpoint the electronic signatures of the majority of wireless LAN APs and access cards on the market. The AirDefense tool set includes sniffers that can detect transmissions, so that signatures of unknown APs can be compared to a database of authorized gear.

Finisar Corp. in Sunnyvale, Calif., recently introduced a wireless LAN spectrum analyzer that can help pinpoint unauthorized APs. IBM last month introduced the Distributed Wireless Security Auditor, which uses authorized wireless clients as sensors to detect rogue APs [QuickLink: 30667].

The Sniffer, from Network Associates Inc. in Santa Clara, Calif., works from the wired side of the network, using tools such as Simple Network Management Protocol to determine the address of all wireless devices.
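The walk-around survey and the compare-against-authorized-gear step described above reduce to a small piece of logic, shown here as an added example that is not from the article or from any vendor named in it. The record format, field names, site names and hardware addresses are all constructed for illustration; a hardware address can be changed by its owner, so a match against the inventory is a starting point for a physical check, not proof that a device is legitimate.

```python
from collections import defaultdict


def normalize_bssid(raw):
    """Return aa:bb:cc:dd:ee:ff for the common notations (colons, dashes, dotted)."""
    digits = "".join(ch for ch in raw.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a 48-bit hardware address: %r" % (raw,))
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def survey_report(sightings, authorized):
    """Compare survey sightings with the inventory of approved access points.

    Returns the unknown APs, strongest signal first, each with the location
    where it was heard loudest (the place to start the physical search), and
    the approved APs that were heard transmitting without encryption.
    """
    allowed = {normalize_bssid(a) for a in authorized}
    by_bssid = defaultdict(list)
    for sighting in sightings:
        by_bssid[normalize_bssid(sighting["bssid"])].append(sighting)

    rogues, weak_authorized = [], []
    for bssid, seen in by_bssid.items():
        if bssid in allowed:
            if not all(s["encrypted"] for s in seen):
                weak_authorized.append(bssid)
            continue
        strongest = max(seen, key=lambda s: s["signal_dbm"])
        rogues.append({
            "bssid": bssid,
            "ssid": strongest["ssid"],
            "look_first_at": strongest["location"],
            "strongest_dbm": strongest["signal_dbm"],
            "seen_at": sorted({s["location"] for s in seen}),
        })
    rogues.sort(key=lambda r: r["strongest_dbm"], reverse=True)
    return {"rogue": rogues, "authorized_unencrypted": sorted(weak_authorized)}


# Constructed inventory and survey data (locally administered addresses).
AUTHORIZED = ["02-00-5E-10-00-01", "02:00:5e:10:00:02"]
SIGHTINGS = [
    {"location": "loading dock", "bssid": "02:00:5E:10:00:01", "ssid": "corp-wlan",
     "signal_dbm": -60, "encrypted": True},
    {"location": "loading dock", "bssid": "02:AA:BB:12:34:56", "ssid": "default",
     "signal_dbm": -48, "encrypted": False},
    {"location": "shipping office", "bssid": "02-aa-bb-12-34-56", "ssid": "default",
     "signal_dbm": -71, "encrypted": False},
    {"location": "maintenance shop", "bssid": "02aa.bb12.3456", "ssid": "default",
     "signal_dbm": -83, "encrypted": False},
    {"location": "maintenance shop", "bssid": "02:CC:DD:0B:0C:0D", "ssid": "homeap",
     "signal_dbm": -55, "encrypted": False},
    {"location": "front office", "bssid": "02:00:5e:10:00:02", "ssid": "corp-wlan",
     "signal_dbm": -52, "encrypted": False},
]

if __name__ == "__main__":
    report = survey_report(SIGHTINGS, AUTHORIZED)
    for rogue in report["rogue"]:
        print("ROGUE", rogue["bssid"], "start at:", rogue["look_first_at"],
              "also heard at:", rogue["seen_at"])
    for bssid in report["authorized_unencrypted"]:
        print("AUTHORIZED BUT UNENCRYPTED", bssid)
```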

Securing wireless LANs against rogue APs and hackers can be costly, says Chris Kozup, an analyst at Meta Group Inc. in Stamford, Conn.

“The cost of truly securing a wireless LAN will run anywhere from 10% to 100% of the hardware cost,” Kozup says. “Once we walk customers through this, they sometimes decide wireless is too expensive.”

How to Defend Against Rogue Access Points

POLICY

Establish a no-exceptions policy against the use of wireless LANs without the approval of the IT department.

Set up an amnesty program that will allow employees to disclose their self-installed APs to the IT department within a one-month period.

Encourage use of properly installed, configured and secured wireless LANs if the business case justifies their use.

DISCOVERY

Use sniffing tools to physically survey all facilities for wireless LAN signals, and then zero in on unauthorized devices.

obscure operations, such as truck terminals, loading docks, branch offices, factories and the maintenance department. It takes only one rogue to open up an enterprise network.

MAINTENANCE

Continue to issue reminders of the no-exceptions policy.

Sniff premises periodically.

Consider centrally managed systems for detecting rogue APs within large organizations.

Secrets the 


Are you confident that any and all wireless LAN APs in your organization have been identified and secured?
Don't know: 13.2%

Do you have a written policy against employees installing their own wireless LAN networking gear (without IT department involvement)?
Don't know: 10.7%

BASE: 159 IT PROFESSIONALS FAMILIAR WITH WIRELESS LAN; SURVEY WAS CONDUCTED JUNE 4-21 ON COMPUTERWORLD.COM


159 professionals finds that almost half them confident that all 
their wireless LAN access points are secured. And 30% have found rogue APs. 


Have you identified any rogue wireless APs in your organization?
Don't know: 12.6%

Do you “sniff” or monitor your corporate premises to determine the existence of rogue wireless APs?
Don't know: 8.2%
Distributing resources across multiple locations could make it easier to recover from a disaster. By James Cope


THE TERRORIST ATTACKS of last September fundamentally changed the way some IT managers think about disaster recovery.

“It’s no longer a matter of planning what you should do if fire or flooding prevent access to buildings,” says Bob Fucito, vice president of crisis management and business continuity at investment banking firm BNP Paribas. Today, businesses have to prepare for the ultimate security risk: what to do when people and buildings are intentionally targeted and destroyed.

Fucito should know. His duties include managing disaster recovery for Paris-based BNP Paribas’ North American operations. And he says he’s thankful that his company’s executives supported the creation of a disaster recovery plan that emphasizes distribution of resources two years before the Sept. 11 attacks. The company had to evacuate its New York City building after the attacks, but Fucito says having two separate data centers and a contract with a hot-site recovery provider put BNP Paribas in a better position to continue doing business.

BNP Paribas isn’t alone in thinking that having IT resources in one building or on a single network isn’t a good idea. Other major organizations, such as The Boeing Co., United Air Lines Inc., the Chicago Board of Trade and the U.S. Postal Service, try to mitigate the risk to IT resources by distributing data, applications and network infrastructure. They also have redundant communications links at the ready.

GINA TRIPLETT

All of those organizations have the same goal: to quickly recover or even seamlessly continue doing business when disaster strikes. But they have different ways to accomplish it. Here are four approaches that major companies are using to stay prepared.
Redundancy and multiple routes: UAL Loyalty Services Inc. in Schaumburg, Ill., an online customer service unit of United Air Lines parent UAL, is installing duplicate systems in two company-owned and -operated data centers. Both are in the Chicago area, says Igor Rafalovsky, director of networking and security, but the facilities are geographically separated.

A metropolitan-area network capable of gigabit speeds, known as GigaMAN, connects the two centers, Rafalovsky says. Moreover, each data center is connected over lines running to separate Private Network Access Points (P-NAP), which are Internet backbone connection points owned and operated by Internap Network Services Corp. in Seattle.

And even the traffic going to and from the two UAL data centers runs across multiple Internet backbones from different providers, such as Sprint Corp., WorldCom Inc. and others. A P-NAP may have six to eight backbone providers online and available at any given time.

Both UAL data centers host Web servers, applications and databases. Disk storage is synchronized in real time over the GigaMAN, and both data centers are online all the time. “In the case of a catastrophic failure at one data center, the other one just picks up the traffic, in many cases without manual intervention,” Rafalovsky says.


Outsourced hot sites: When BNP Paribas employees evacuated their building in New York in response to the terrorist attacks, they moved to the company’s other data center in New Jersey to continue operations. Even so, Fucito says his firm also has a contract with New York-based SchlumbergerSema to provide off-site hot sites.

Hot sites duplicate the mission-critical parts of a company’s systems in secure buildings miles away from the primary sites. IT workers can go to hot sites to initiate recovery or simply resume work.

John Kersley, SchlumbergerSema’s vice president of business recovery, describes how it works: A corporate customer configures its own data centers to automatically mirror data and applications to the appropriate hot-site recovery center (or centers). That company’s employees are assigned physical positions (desks and workstations) at a specific center and instructed how to get there if there’s a crisis. When the company’s workers are in place at the recovery center, it becomes a matter of patching the data through to the off-site desktops.

Advanced

prepared for certain outcomes, such as being unable to enter the building.

simple, not a thick binder on a shelf. It should fit on one sheet of paper or a single computer screen.

The plan should say where employees should go, whom to contact, which systems are likely to be affected and what to do about them.

realistic. It may not be possible for a Fortune 1,000 company to recover from a major disaster in hours.

SOURCES: ALAN PARIS, CAP, NEW YORK; DAMIAN WALCH, T-SYSTEMS INC., LISLE, ILL.

Hot sites are especially appealing to financial services organizations like BNP Paribas and the Board of Trade Clearing Corp., the clearinghouse for the Chicago Board of Trade, which has a hot-site contract with SunGard Data Systems Inc. in Wayne, Pa.

The concept also has value for major retailers. For example, Leeds, England-based ASDA Group Ltd., a chain of food and clothing superstores owned by Wal-Mart Stores Inc. in Bentonville, Ark., has an agreement with SchlumbergerSema to send select members of its IT staff to a global business recovery center if a disaster closes its own facilities.


Blend internal and external redundancy: SunGard and SchlumbergerSema say the trend is toward using hot sites for disaster recovery. But Damian Walch, vice president of consulting at T-Systems Inc. in Lisle, Ill., sees the trend heading in the opposite direction.

“Companies are looking at internalizing their disaster recovery systems and moving away from hot-site providers,” Walch says. However, he acknowledges that the hot-site idea won’t go away anytime soon and that disaster recovery strategies often involve a blend of approaches.

In fact, extremely large and diverse organizations, particularly those using mainframes in addition to servers, foster redundancy through a mix of multiple in-house data centers and mirrored hot sites.

Chicago-based Boeing, for example, has to consider the specific needs of business units and the communication challenges that come with having a multitude of far-flung locations.

“Distributed hot-site contracts tend to be more expensive with mainframe environments. We try to consolidate and centralize but also avoid the risk of too many megacenters by having geographic separation [of says Steve Guzek, Boeing’s program manager for disaster recovery.

Guzek maintains that focusing on networks is the key to eliminating single points of failure.


Satellite backup: Bob Otto, vice president at the U.S. Postal Service (USPS) in Washington, says he could see the smoke from his office after the aircraft struck the Pentagon on Sept. 11.

“We then evacuated our computer center at our Washington facility and set up for remote management from our Raleigh [N.C.] disaster center and immediately instructed our data centers in California and Minnesota to begin backing up to Raleigh,” Otto says.

Then Otto’s group learned that the New York attacks had knocked out the frame-relay links connecting facilities in New York to the postal service’s wide-area network. So the USPS pointed its VSAT satellite system toward New York, and the city’s post offices were almost immediately back on the network.

It was all part of the plan, says Larry Wills, manager of distributed computing for the USPS. While frame-relay land lines are the primary network connection to thousands of post offices across the U.S., the USPS has 11,000 VSAT installations nationwide, Wills says. The VSAT services are provided by SpaceNet Inc. in McLean, Va.

Generally, the switch-over is automatic: When frame relay goes down, a satellite connection takes over. Wills says post offices generally don’t even know when it has happened.

Cope is a Computerworld contributing writer.

PLAN AHEAD WITH THREE VIEWS OF DISASTER

Before a system goes down, determine how the loss of that system would affect people, technology and processes.
BY DEBORAH RADCLIFF

AT LEAST once each month, Terra Lycos’ high-profile Internet media products, such as Lycos Mail, Tripod and Angelfire, come under denial-of-service (DOS) attack. As host to more than 300 distinct Web sites and 40.3 million users, the international hosting and Internet media company makes an obvious target, explains Tim Wright, chief technology officer and CIO at Terra Lycos’ U.S. headquarters in Waltham, Mass.

The attacks aren’t the traffic-clogging distributed denial-of-service (DDOS) attacks that used remote-controlled servers to flood Amazon, Yahoo, eBay and others with debilitating levels of traffic in early 2000.

Oldie but Baddie

The DOS attacks Wright sees are much older than that. They’re called syn flood, a type of attack that has been around as long as TCP. Syn floods fake the initial connection synchronization (syn) requests. The target responds with an acknowledgement (ack), for which it will receive no response. The target server holds the session open for a given length of time and then times out. A high-volume succession of these fake sessions prevents the machine from opening legitimate connections.

What Can You Do?

Syn flood remedies:

Shorten how long a server will wait before timing out.

Block traffic coming from the spoofed address.

Use egress filtering to prevent your network from being used as a spoofed address.

DRDOS remedies:

At the time of the flood, ask your upstream service provider to “null route” packets coming the Unfortunately, this means dropping all packets coming into that address, which still results

Use traffic pattern analysis and network sniffers to help detect these attacks faster.
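The mechanism just described, and the first syn flood remedy in the sidebar (a shorter wait before timing out), can be seen in a small queue model. This is an added example, not code from the article or from any product: it is a deliberately simplified model in which the server has a fixed number of slots for half-open sessions, fake requests arrive at a steady rate, and a legitimate client completes its handshake at once. The queue size, rates and timeouts are constructed numbers.

```python
from collections import deque

FAKE, LEGIT = 0, 1  # event kinds; FAKE sorts first when two events share a timestamp


def simulate_backlog(backlog_size, timeout_ms, fake_interval_ms, legit_times_ms, duration_ms):
    """Replay fake and legitimate connection requests against a half-open session queue.

    A fake request occupies one slot until timeout_ms passes, because the
    acknowledgement the server sends never gets a reply. A legitimate request
    is accepted only if a slot is free at the moment it arrives.
    """
    events = [(t, FAKE) for t in range(0, duration_ms, fake_interval_ms)]
    events += [(t, LEGIT) for t in legit_times_ms]
    events.sort()

    half_open = deque()  # expiry times, oldest first (all entries share one timeout)
    accepted = dropped = peak = 0
    for now, kind in events:
        # Time out sessions that have waited long enough for a reply.
        while half_open and half_open[0] <= now:
            half_open.popleft()
        if kind == FAKE:
            if len(half_open) < backlog_size:
                half_open.append(now + timeout_ms)
        elif len(half_open) < backlog_size:
            accepted += 1  # handshake completes at once, so no slot is held
        else:
            dropped += 1   # queue is full of sessions that will never complete
        peak = max(peak, len(half_open))
    return {"accepted": accepted, "dropped": dropped, "peak_half_open": peak}


# Constructed scenario: 128 slots, one fake request every 10 ms for 10 seconds,
# and one legitimate client per second starting at 0.5 s.
BACKLOG = 128
FAKE_INTERVAL_MS = 10
DURATION_MS = 10_000
LEGIT_TIMES_MS = list(range(500, DURATION_MS, 1000))


def run(timeout_ms):
    return simulate_backlog(BACKLOG, timeout_ms, FAKE_INTERVAL_MS, LEGIT_TIMES_MS, DURATION_MS)


if __name__ == "__main__":
    for timeout_ms in (75_000, 2_000, 1_000):
        result = run(timeout_ms)
        print("timeout %6d ms -> accepted %2d, dropped %2d, peak half-open %3d"
              % (timeout_ms, result["accepted"], result["dropped"], result["peak_half_open"]))
```

In this model the queue stays below capacity only while the timeout multiplied by the fake arrival rate is smaller than the number of slots, which is why the shorter timeout lets every legitimate client through and the longer ones do not.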

There’s really no protection against syn floods, because they take advantage of the inherent purpose of routing protocols to route TCP session connection requests. “The worst kind of attacks are where the protocol says it’s normal,” Wright explains.

Now, syn floods are getting a whole lot nastier. A new form of syn, called a distributed reflection denial-of-service (DRDOS) attack, knocked Laguna Hills, Calif.-based Gibson Research Corp. (GRC) off the Web for four hours in January.

A DRDOS attack is the inverse of a syn flood, says Steve Gibson, president of GRC. Gibson coined the term for the new attack method after his experience in January.

That’s when attackers sprayed GRC.com’s IP across core Internet routers and connected TCP devices, making them believe that GRC.com was trying to initiate a connection. Being the obedient devices that they are, they responded en masse to GRC.com with their ack replies. GRC.com’s server, knowing that it didn’t initiate the TCP session requests, simply dropped the acks. Thinking their ack requests were lost in cyberspace, the devices tried again, magnifying the attack.

Gibson says he’s aware of many companies that have come under such DRDOS attacks. “Web hosting sites and other major sites are the biggest targets,” he says. “You upset some script kiddie, they especially don’t like spammers, and they’ll punish somebody.”

Filtering doesn’t help because it slows all traffic, say Wright and Gibson. In a DRDOS attack, the ack packets come from everywhere, so there’s no way to filter.

The only way to deal with such an attack is to take the target machine off the Web and wait it out, or ask your Internet service provider to “null route” (drop incoming syn or ack packets to the affected machine), Gibson explains. That way, the attackers can’t block traffic to other machines on that network segment. But then, he adds, “the attacker’s still won. They’ve shut your site down.”

DEFINITION

Denial of service is a form of attack in which a network or server is overloaded by thousands of false communications and/or requests for services originating from programs on one or more outside computers. Ultimately, the network receives so many queries that it can’t keep up with them and thus is unavailable to answer or service legitimate requests.

[Figure: The Distributed Reflection DOS Attack. Labels: Syn packets carrying source; Well-meaning and innocent servers; Syn/ack packets from servers responding to spoofed syn packets. SOURCE: GIBSON RESEARCH CORP., LAGUNA HILLS, CALIF.]
NICHOLAS PETRELEY

I WAS WORKING from my home office a few years ago when my access to a Web site called World was suddenly cut off. My service provider told me that a router in Southern California had gone down. This struck me as odd for two reasons. First, I live in Northern California, about a half-hour from San Francisco, where World was hosted at the time. Second, I was under the impression that one of the primary design goals for the Internet was to make sure that communications would proceed uninterrupted even if some of the primary hubs are taken out by a nuclear blast.

I have no idea what really caused this temporary outage, but I assume it occurred because of a minor hardware failure or administrator error. But Internet communications are this easi- can’t help but conclude that we are totally unprepared for the consequences of an intelligent, direct attack by cyberterrorists.

Here’s how you can prevent such an attack: Think like a terrorist. Look at trends, and explore every possible opportunity and method possible to launch an attack on the U.S. infrastructure and economy. Then put your hat back on and plan ahead to prevent these methods from working.

Here’s an example. One inevitable trend is the increase in business-to-business transactions over the Internet, a trend that will only be fortified by the advancement of Web services. Let’s assume, for the sake of argument, that within two years, most business-to-business transactions will take place over the Internet. If I were a cyberterrorist, I would plan now for the day when I could disrupt as many of these business-to-business transactions as possible. Depending on how many servers I could bring down and for how long, I could create big headlines, delay or halt shipments, or perhaps even do lasting damage to the economy.

The obvious method is to launch a distributed denial-of-service attack. That would get me the most bang for the buck. I don’t have to defeat firewalls, gain administrator access to business computers or crack any Web services to launch this kind of attack. All I have to do is overwhelm carefully selected servers or just as many servers as possible.

So, how do I distribute the attack software? Microsoft’s business model is the most promising. Microsoft makes its money by putting its products in the hands of as many people as possible, after which it charges everyone in the service chain a nickel. Its latest plan revolves around turning the Xbox game console into a home entertainment center, after which it can charge content providers for the digital rights management they desperately need in order to protect their revenue streams.

Microsoft needs only two things to happen to make this work: It must get the Xbox into 100 million homes or more, and the cost of broadband access to the Internet has to drop to within reach of the average household.

You should be able to see where I’m going with this now. If you wanted to launch the ultimate denial-of-service attack, what more could you ask for than 100 million Xbox units with broadband access to the Internet, all running software developed by the “crack me” specialists of the world?

Now, what’s the cure?

I'm afraid to disappoint those of you who are expecting a knee-jerk anti-Microsoft response, but nuking the Xbox won’t solve anything. Microsoft is depending on getting its software into every home one way or another, so the best answer is to prepare for that day.

For one thing, I would pressure everyone necessary to standardize and implement quality-of-service (QOS) protocols. Demand that your ISP support QOS. Implement QOS as part of your plans for Web services. Most important, pressure vendors to implement QOS in hardware whenever possible, especially for high-volume consumer devices like game machines, cell phones or anything else that can connect to the Internet. If the hardware wraps every packet in a low-priority envelope, nobody can trick an Xbox or any other consumer device into generating data that takes precedence over the information that runs our country.

This is only one example and one possible solution. How many can you think

NICHOLAS PETRELEY is a computer consultant and author in Hayward, Calif. He can be reached at nicholas@petreley.com.
What’s a VPN?

A virtual private network (VPN) is a network connection that has the appearance and many of the advantages of a dedicated link but is in fact implemented over a shared network. Using a technique called tunneling, data packets are transmitted across a public routed network such as the Internet. Generally, the private network data and protocol information are carried inside a wrapper so that along the way, they look like data to the routers, which remain unaware that the transmission is part of a private network. Only when the transmission reaches its destination is it unwrapped and sent to its intended recipient. This private “tunnel” simulates a point-to-point connection, and it allows network traffic from many sources to travel via separate tunnels across the same infrastructure.

Tunneling allows network protocols to traverse incompatible infrastructures. It also enables traffic from many can be directed to specific destinations and receive specific levels of service.

Tunneling can be initiated by a variety of network devices and software, such as an end user’s laptop equipped with an analog modem card and VPN-enabled dial-up software. (Basic tunneling and security capabilities have been bundled into Windows since the release of Windows 95.) Tunnels can also be started by a VPN-enabled extranet router on an enterprise branch or home office LAN, or a VPN-enabled access concentrator at a network service point

VPNs for Remote-Office Security

[Figure labels: Corporate site, VPN gateway, Remote site]

Remote offices use site-to-site VPN as an alternative to leased lines and frame relay. Internet access, including Digital Subscriber Line and cable modem broadband connections, is significantly less expensive than private lines. routers allow small branch offices to form a secured wide-area network with the corporate office. The corporate VPN gateway must be capable of remotely managing these branches.


The Battle for Mainstream Acceptance

Providing secure remote access and telecommunications over the Internet modern business, and virtual private networking is the primary technology making that possible. Managers have had trouble adopting VPNs because of deployment issues, compatibility and interoperability problems and the expense of these systems.

That has changed. VPNs are entering the mainstream, and many companies view them as a telecommunications necessity from both security and cost perspectives. In fact, Framingham, Mass.-based IDC’s “2001 WAN Manager Survey,” published in December, concluded that VPNs are now a mainstream wide-area network option for most businesses. And browser-based Secure Sockets Layer VPNs are growing in popularity because they require little additional software or firewall reconfiguration.

“The trend has been to create VPNs for remote access, since they offer considerable cost reductions over toll-free numbers and in-house [remote access
says Dave Kosiur, a senior analyst at Burton Group in Midvale, Utah.

But that’s not to say that enterprise VPNs have no rough edges. Depending on the type of technology and products selected, VPNs can still cause headaches and force companies to outsource deployment and management to service providers.

Increasingly, the VPN and firewall markets have been merging, and hardware-based implementations have continued to dominate. But interoperability between products from different vendors remains one of the VPN market’s biggest challenges. It’s also



tunnel terminator switch enterprise network, VPN gateway network service network extranet router.

In addition, there are usually one or more security servers. Along with their conventional functions as firewalls and address translators, VPNs can provide for data encryption, authentication and authorization. Tunneling devices perform these functions by communicating with security servers. Such servers also usually provide information on bandwidth, tunnel end points and, in some cases, network policy information and service levels.


challenge for large enterprises that may want or need to use different hardware and operating systems in different locations.

“The outlook for interoperable devices and software is improving, although it’s only natural for vendors to try and lock customers into only their product line,” says Kosiur. “There will always be value-added features in different vendors’ products that will inhibit 100% interoperability.”

Interoperability problems are “preventing the VPN market from meeting its potential,” says Leo Pluswick, technology program manager at ICSA Labs, a testing clearinghouse for VPN and firewall
burg, Pa. “Each vendor develops to target a particular business problem. Large-scale, interoperable deployments are a goal, not a reality yet.”

ANSWERS ONLINE
31048
Q&A with analyst Dave Kosiur: QuickLink: 31040
computerworld.com
Confused Market

Dedicated VPN hardware revenues totaled $1.3 billion in 2001 and are forecast to reach $2.9 billion in 2005, according to a study published in February by Infonetics Research in San Jose. End users of all types and sizes are also buying managed VPN and security services, representing a lucrative opportunity for all types of service providers, according to Infonetics. But the market is crowded, and it can be confusing. Some service providers offer only security, some offer only VPNs, and some offer both. Some vendors simply deploy and manage security and VPN devices; others actively monitor the network and provide the customer with analysis of potential security gaps. There are also providers that offer services based on the equipment customers have in-house, vs. those that have network-based services equipment and network-based services.

There are other barriers that the market must overcome. Many buyers are overwhelmed by the multitude of products available and the
service provider space.

“The market is real, but the market leaders for products and services have yet to truly emerge, and 2002 will be a critical year for product manufacturers and service providers to prove they can satisfy customer requirements,” the Infonetics study concluded.


Healthy Connections

Spectrum Health
Grand Rapids, Mich.

WHO THEY ARE: A large, regional integrated health care system serving western Michigan counties and 1.38 million people.

GOAL: To meet the new security requirements called for by the Health Insurance Portability and Accountability Act and manage 5,000 independent (nonemployee) users.

CHALLENGES: Spectrum has more than locations counties, including seven hospitals. The network has to serve 12,000 employees and more than 1,000 independent offices. Thus, minimizing risk was one of the primary concerns, says Jim Toth, director of technology services.

“While we could cobble together some [homegrown] solutions, we were constantly running into encryption, tunneling and protection of our protected network zone,” says Toth. Without a VPN, Toth would have had to open ports into his protected zone, which would have been a very insecure approach.

STRATEGY: Toth chose technology from AppGate Inc. in Durham, N.C., that established a link between terminal emulation software and the client PCs. The AppGate product, based on the Secure Shell protocol rather than IPsec or Secure Sockets Layer, provides a tunnel at the application layer, not just the network layer, and includes 128-bit encryption.

cure tunnel at the application layer where we wanted to have it,” says Toth. “We really limit our points of access.”

ISSUES: Even with assistance from vendors and service providers, Toth acknowledges that VPNs can be “fairly complex” systems to set up.

PAYOFF: “This was really a functional issue,” says Toth. “It's not so much about saving money. I don’t think we could have offered a solution without a VPN.”


Outsourcing Can Help

The growth of e-business and the ever-increasing integration between corporations and their suppliers and trading partners has put a premi-
security, user authentication and data integrity. In addition, recent economic pressures have forced many companies to reassess their telecommunications strategies with an eye not just toward security, but toward cost and performance as well.

Users are turning to VPNs to answer all these challenges. In addition to providing increased security, in some cases VPNs have reduced telecommunications management costs and improved performance. However, deploying a VPN isn’t like deploying a few new desktop PCs. There are still many technical challenges to work out and much research to do before you choose any one VPN product or architecture, say users.

“We were worried about the technological risk associated with the changing technology,” says Flynn, CIO at FMC Corp., a Philadelphia-based manufacturing company with locations worldwide. FMC started the move toward a VPN in early 2000 as a means to provide what Flynn calls “secure anybody, anywhere access” for more than 1,000 employees. However, the growth in business-to-business trading also increased concerns about having to touch customer systems, says Flynn, “and we didn’t want that at all.”

After researching its options, FMC chose Seattle-based Aventail Corp. for its VPN and remote access requirements. It came down to the technology and flexibility, says Flynn. The Aventail service allows FMC to control employee access rights and also uses a noninvasive agent that leaves the client stack alone, thereby meeting FMC’s requirement not to touch customer systems.

“We vetted who we went with very well,” says Flynn, “so not limited the technology choice.” And since FMC “had no idea how to deploy what they needed on their own,” handing over these complex technologies to a company with the know-how minimized the risk, he explains.

Kelly Henderson, chief operating officer at AutoWeb Communications Inc. in Oak Park, Mich., agrees with the idea of having someone else the VPN work. AutoWeb, which does business through a VPN managed by Southfield, Mich.-based ANXebusiness Corp., was faced with figuring out a tunnel management process for each of its 600 trading partners, including nine of the world’s largest automotive manufacturers.

“Most companies the business managing telecommunications,” says Henderson. “It’s not their core business.” And VPN tunnel management on a scale “can get involved” and “can be a significant investment for companies,” she says.

“There’s expertise that we didn’t have but that we needed to have to handle that type of process,” says Henderson. “The cost is well worth it because of the type of business we’re in. But you need to identify where the real pain points are and whether a VPN is going to address those pain points.”

Joe Klein, director of telecommunications at Illinois Tool Works Inc. (ITW) in Glenview, says deploying a VPN hasn’t been painful; in fact, he says it’s been a pleasant, cost-effective change from traditional telecommunications methods.

ITW deployed a VPN from OpenReach Inc. in Woburn, Mass., to replace frame-relay networks connecting business units. VPN tunnels are supporting human resources, financial and e-mail applications between remote sites and headquarters, as well as 100 remote dial-in users.

“Users have to realize that with all good things, it takes some time to accommodate change and get used to the product,” says Klein, noting that he made use of the OpenReach installation team to get the VPN up and running. However, so far the VPN has helped Klein cut costs 30% to 50%, he says.
Amy Helen Johnson

Employee Spotlight

Name: JONATHAN TAYLOR

Title: Enterprise security engineer

Company: Sutter Health, Sacramento, Calif., services organization for affiliate hospitals in Northern California

30-second résumé: Taylor has worked since 1994. After graduating from Brigham Young University in Provo, Utah, he joined a value-added reseller. While moonlighting as a Windows Server instructor at College Business and Technology in Sacramento, a fellow teacher told him about an opening at Sutter Health. He joined the company in 1997, first working on a project to roll out Windows
platform throughout the
care affiliates. Taylor switched to security in early 2000.

Skills boost: On-the-job training is the best way to learn, says Taylor. very little training for information security,” he says. “And even if there was, it's such a vast field that it would be difficult to get what you need for your particular industry or job.”

Still, Taylor has found some courses that help him keep current. His most recent training came from Foundstone Inc., a security services firm in Mission Viejo, Calif. In its Web hacking course, he learned about common Web site vulnerabilities that hackers exploit
vulnerabilities that existed within Sutter public site. “It was a great big eye-opener,” he says.

Other resources that Taylor uses to learn about potential security risks are newsgroups and Web sites devoted to security. He says helpful bug list the Web site San Mateo, Calif.-based SecurityFocus.

Taylor says the mechanics of his job haven't changed since the events of Sept. 11; what's different is the interest that company executives now have in security. “When I would see patterns of risk before 9/11, people were apt to dismiss it,” says Taylor. “Now eyes wide open.”

Johnson is a contributing writer in Seattle.




Best Place

financial services company focused on business and private banking and investment services.

2002 Best Places to Work list.

revenue: $4.2 billion

security VIEW: Comerica doubled the size of its security team during the past months, says Ken Schaeffler, first vice president. The bank switched from an infrastructure that supported only employees to one that provided online services to its customers.

Security concerns changed from an emphasis on access IDs and passwords to eliminating the vulnerabilities associated with Internet-based applications, he says. Specialty departments for security administration, security architecture, risk management, regulations monitoring, and policies and procedures handle the increased security needs.

The bank encourages security employees to get CISSP certification and will pay for the coursework and testing. More than 60% of the security certified, says Schaeffler.

Training opportunities are well funded and popular with employees and are considered a key retention tool, he adds.


STOP HACK ATTACKS 


One security engineer offers his tips for staying a 
step ahead of the hacker community. 


QuickLink: 30925 
www.computerworld.com 
Keeping unauthorized people out of systems is the primary task for a security professional, so become skilled at performing risk assessments and working with firewalls, access controls, authentication software, digital certificates, network management security tools and intrusion-detection systems. Networking fundamentals are a must, so brush up on TCP/IP. Count on employers asking about your experience with Cisco Systems Inc. products. They will also expect you to know how to administer common server operating systems such as Solaris, Windows and 2000, and Linux.

Bonus tip: If you have been through the firestorm of a disaster recovery effort or have designed and implemented

Training

Certifications: The Certified Information Systems Security Professional (CISSP) certification is administered by the Dunedin, Fla.-based arm of the International Information Systems Security Certification Consortium runs five-day boot camps to prepare people for the CISSP test.

Bonus pay? Not likely; the payback for certification is more often a job rather than a salary boost. Some employers list strongly preferred” in job postings; others require one or more certifications. Without them, your résumé could be tossed.


Salaries

There are security job openings all over, including one for a manager of security and disaster recovery with a five- to seven-year track record, CISSP certification, and experience with virtual private networks, encryption and intrusion-detection software. Location: Augusta, Ga. Salary: $75,000

A financial services firm seeks a data security administrator with systems administration, firewall, intrusion-detection and programming skills. Location: Dallas Salary: $70,000

Hot industry: With the federal government beginning well-funded cybersecurity projects, the job market in the government sector is hot, particularly in the Washington area.

SOURCES: NICK DOTY, EDITORIAL DIRECTOR AT
PRINCIPAL MAGEE GROUP IN SHREVEPORT, LA.; JULIE LARSON, VICE PRESIDENT OF INFORMATION SECURITY, RISK ASSESSMENT, AWARENESS AND COMPLIANCE AT COMERICA INC. IN DETROIT


MARKET: Employers are 
data. The other data 
viruses and the like. 
protecti 
rience 
threaten every computer 


KNOWLEDGE CENTER

The Next Chapter

Pundits predict the rise of ‘security malpractice’ lawsuits and federal security audits but foresee sluggish for smart cards.


UNCLE SAM WILL AUDIT YOU

The U.S. government will create a cyber equivalent of the Transportation Security Administration (TSA). Just as the TSA is charged with elevating the current level of transportation security nationwide in all modes (air, land, water and rail), so, too, will the Digital Security Administration be charged with elevating the current level of digital security being practiced by commercial enterprises in the U.S.

The Digital Security Administration will conduct information security audits of the code of the top enterprise software vendors. Code not labeled unsafe. Vendors with unsafe code will have six months to bring the code up to security standards.

The Digital Security Administration will also conduct information security audits of all companies in the critical infrastructure:

Financial and currency markets.

Domestic and global lines of communication.

Mass points of e-sale and retail.

Utilities.

Health care facilities.

primary focus of U.S. national security policy.
Atul Dighe, senior futurist, Institute for Alternative Futures, Alexandria, Va.


90% THE PROBLEM
Through 2005, 90% of cyberattacks will exploit known security flaws for which a patch is available or a solution known. And through 2005, 20% of enterprises will experience a serious Internet security incident (beyond a virus). Of those that do, the cleanup costs of the incidents will exceed the prevention costs by 50%.
Richard Mogull, analyst, GartnerG2, Stamford, Conn.

security will become a boardroom issue in the next two years. CEOs will have to manage the risks, just as they manage other sorts of risks. depend on chief security officers to provide the metrics on portfolio assets and the risks that have bottom-line impact just like a chief financial officer does, except that risks are constantly changing.
— Mark Milatovich, director of


row. In the real world, every bank hires another company to drive its money around town, and every building manager hires another firm to post guards in its lobby. Outsourced network security will become as commonplace as outsourced phone services are today.
Bruce Schneier, founder and chief technology officer, Counterpane Internet Security Inc., Cupertino, Calif.

THE BIOMETRIC NICHE
Stronger authentication will supplement simple password approaches in the next few years, but infrastructure limitations will impede smart card adoption until 2003, and biometrics will remain a niche through 2005.
Perkins, analyst, Meta Group Inc., Stamford, Conn.

SMART CARDS: SLOW GROWTH
Significant smart card growth still faces several Issuers are hesitant to commit to smart cards until the cost of the chip card comes down. Merchants spend the money to upgrade equipment to accept cards because they don’t see consumer demand. And consumers don’t yet see why they need a chip card one has come up with the right combination of chip-based applications to intrigue them enough to switch.
Catherine Graeber, analyst, Forrester Research Inc., Cambridge, Mass.


MALPRACTICE LITIGATION

What do you tell the CEO when a forensic audit of your public relations disaster says it could have been prevented by a vendor fix that had been available for eight months but was never applied?

Food for Thought

A technology timeline from British futurists forecasts a world of cyberwarfare.

2005: Crime and terrorism are mainly computer-based.

2005: Use of quantum cryptography effect.

2006: Public-key cryptography cracked within a few seconds.

2007: First Internet war between cybercommunities begins.

2008: Robotic security and fire are implemented.

2010: Most weapons attack systems rather than injure people.

TIMELINE.”


Ineffective application of hardware and software security fixes is career-threatening. Chief security officers who fail to get their arms around configuration and change management will exceed the CIO turnover rate of 38% in 2003.

This is what breeds those “left to seek other opportunities” memos and will produce a lot of security malpractice litigation in the next two to five years.

Phil Rosch, analyst, Giga Information Group Inc., Cambridge, Mass.


Touchy Subject

A biometric gadget the size of a car alarm remote control could not only unlock cars and homes but also validate credit card transactions on the fly, according to Cross Match Technologies Inc. in Palm Beach Gardens, Fla.

A working model of the Authorizer, as it's called, is still two and a half years away. The company hopes to lower the price to $50 apiece. The device will read the user’s fingerprint and send it wirelessly to a third party for authorization. The Authorizer will have another layer of security as well: It will be able to sense the blood flow in a finger. That's important, because it means the finger must be attached to a living person (not a cadaver). And if the blood is flowing faster than normal (for example, if the user is being held at gunpoint), the device could void the transaction. Mitch Betts


Failure to bring code, data and net-
specification will result in jail sentences for board members and senior executives.
Thornton May, Toffler Associates Inc., Manchester, Mass.

security, Corio Inc., San Carlos, Calif.

NOT IN-HOUSE JOB
Security will be outsourced, as more and more companies realize it’s too expensive to do in-house. Just as companies outsourced their software years ago and their modem banks five years ago, they will outsource their network infrastructures tomor-

NATIONAL SECURITY COUNCIL?
By 2010, security will become the

Advertising Supplement


African Americans

Jennifer Hicks

Based on sales, profits, assets, and market value, the following companies, arranged in descending order, are the

Oracle
Packard Gateway
Compaq Computer Sciences
EMC
Computers
Microsoft Micron Technology
Tech Data America Online
Seagate Technologies
Xerox Automatic Data Processing
Sun Microsystems Computer Associates
Solectron Science Applications
Texas Instruments

The U.S. population is a smorgasbord of diversity. One would think then, if recollections of probability theories from statistics classes are correct, that our various populations would be represented in similar proportions within the IT industry. However, such is not the case. African Americans comprised 12.3 percent of the population according to Census 2000, yet a recent Information Technology Association of America (ITAA) study reveals that they make up only 6% of the IT workforce. (The numbers are even worse for Latinos and First Nations members.)

Renee McClure, national president of the Black Data Processing Associates (BDPA), sees things a bit better though, albeit with an accompanying negative: “There is a significant number of African Americans in IT, [but] not that many have arrived at positions of power and decision-making.”

So the problem is two-fold. First, African Americans, as is true with other minorities, are not proportionately represented in the IT industry. Second, those who are in the industry are not often in executive positions.

A 2001 survey by ITAA, IT Magazine, and U.S. Black Engineer found that people entered the IT field for two primary reasons: training opportunities and professional development. But a 2001 QEV Analytics report commissioned by ITAA cites early exposure to technology as essential in helping minority members make the decision to enter IT. Yet, oftentimes, it is the early exposure to IT that some minority groups have missed.

BDPA, along with many community organizations such as Jesse Jackson's PUSH Coalition and some corporate foundations, is taking steps to remedy the situation. Specifically, BDPA serves as an intermediary between the information technology and African American communities. More than 40 chapters across the U.S. offer workshops, career counseling, technological assistance, networking opportunities, and computer competitions to those interested in technology and those seeking to advance their careers.

For seasoned IT professionals, promotions can be difficult unless your employer provides training opportunities. Technology changes rapidly and unless one has up-to-date skills and training, moving up the corporate ladder can be impossible. Those organizations that are tops in their field (see sidebar), that provide access to training and thus “grow their own” IT pros, are also more likely to make career advancement possible within their organizations.


Author bio: 

Jennifer Hicks, author of several hundred 
articles and who lives in the Boston area, is the 
director of online content for IMDiversity.com 
http://www.imdiversity.com, the Web site where 
opportunities, careers, and diversity connect. 
If you're anxious to apply your education to real-life challenges, you'll find the world's best
proving ground at Northrop Grumman Corporation. 


Thanks to key acquisitions and major new contracts, Northrop Grumman is now an $18-billion 
global powerhouse with leadership in aerospace, defense electronics, information systems, 
cyberspace, ship building, commercial electronics and much more. 


Join us and work on such advanced projects as the Joint Surveillance Target Attack Radar 
Systems (Joint STARS); the BAT “brilliant" anti-armor submunition; DDG 51 Class Aegis guided 
missile destroyer; Distributed Mission Training program for the Air Force; the B-2 Spirit stealth 
bomber; the Space-Based Infrared System ballistic missile warning and tracking system (SBIRS) 
High; nuclear powered aircraft carriers and submarines; as well as many others. 


Accelerate your professional growth through our career development programs. Ideal majors are 
Computer Science, Engineering, Manufacturing, Materials Technology, Physics and Mathematics. 


We are currently searching for individuals with knowledge or expertise in: * Aerospace 
Engineering * Business Administration * Computer Engineering * Computer 
Science « Electrical Engineering * Manufacturing Engineering * Management 
Information Systems * Mechanical Engineering 


www.northropgrumman.com 


NORTHROP GRUMMAN 


For opportunities currently available with Northrop Grumman, please contact: 


Northrop Grumman Component Technologies - E-mail: mausda@mail.northgrum.com 
Source Code: IDG0715 


Northrop Grumman Electronic Systems - 
E-mail: ElectronicSystems.NewGrads @northropgrumman.com, Source Code: |DG0715 
Please use the Source code above on the “subject” line of all correspondence. 


Northrop Grumman Information Technology 

Apply online at: www.northropgrummanit.com 

Northrop Grumman integrated Systems - E-mail: careers @mail.northgrum.com 
Source Code: IDGO715 


Northrop Grumman Newport News - E-mail: empioyment@nns.com 
Source Code: SWE0402, Apply online at: www.nns.com/careers/careers.htm 
Please use the Source code above on the “subject” line of all correspondence. 


Northrop Grumman Ship Systems - E-mail: employment @avondale.com 
Source Code: IDG0715, See us online at: www.avondale.com 


Northrop Grumman Ship Systems - E-mail: employment@ingalls.com 
Source Code: IDG0O715 


U.S. Citizenship is required for most positions. EOE M/F/D/V. 


like the real world show what you can do. 
= 
Freddie Mac is a Fortune company with an important public mission: to lower the cost of home mortgages so more families can own homes. And we need your help. If you want to work for a company that supports inclusion, values different opinions and wants you to have a rich, fulfilling
inside and outside the
yourself new career
www.freddiemac.com. Your life isn't the only one you'll change.

Freddie Mac
We Open Doors

www.freddiemac.com


FBI Special Agent Frank

Frank Andrews has been an FBI Special Agent for eight years. In his own words, Special Agent Andrews tells what working for the FBI is really like.

On his most rewarding case:

“When working fugitive cases you never know who a suspect will impostor. For instance, one particular fugitive was posing this individual for writing bad checks across the country. It was extremely rewarding to capture a fugitive who was callously deceiving members of the church.”

On why others should consider a career in the FBI:

“If you are adaptable and seek challenges; if you are looking for a job that is diverse and never becomes monotonous, then this is the career choice for you.”

To qualify for the FBI Special Agent position, you must possess a college degree, be available for assignment anywhere in the jurisdiction, be between the ages and 36, and be in excellent physical condition.

Special Agents come from a broad range of educational disciplines and professions, however, the FBI has special needs for candidates with critical skills among the following areas: Computer Science or IT, Engineering, Law Enforcement, Foreign Military Intelligence, Physical Sciences, and Foreign Language (Arabic, Chinese, Farsi, Hebrew, Hindi, Japanese, Korean, Punjabi, Russian, Spanish, Urdu, and Vietnamese).

Professional Support Positions may also be available in the following areas: Computer Science, Engineering, and Information Technology.

Please visit our website and apply at: www.fbijobs.com Positions added daily.
You must be a U.S. citizen and consent to a complete background investigation, drug test, and polygraph as a prerequisite for employment. Only those candidates determined to be best qualified will be contacted to proceed in the selection process. The FBI is an equal opportunity employer.


BDPA 2002
24th ANNUAL NATIONAL CONFERENCE & CAREER FAIR
“Changing the Culture of IT; From Access to Ownership”
Disney's Contemporary® Resorts, Lake Buena Vista, FL

AUGUST 7-11, 2002

ROGER BERRY
Senior Vice President and Chief Information Officer for the Walt Disney World Resort, will be the Keynote Speaker for the Awards Banquet, Saturday, August
LEADING EDGE SEMINAR TRACKS: YOUTH CONFERENCE 
INFORMATION TECHNOLOGY Hands-on training and workshops in technol- 
LEADERSHIP DEVELOPMENT ogy, PC Building Race and IT Knowledge 
ENTREPRENEURS & SMALL BUSINESS Quiz Bowl 
CAREER DEVELOPMENT NETWORKING OPPORTUNITIES 
ACADEMIC DEVELOPMENT DIGNITARIES RECEPTION & 
* COLLEGE STUDENT TRACK ROUNDTABLE 
2-DAY WORKSHOPS ENTREPRENEUR SHOWCASE 
* INTRODUCTION TO JAVA COLLEGE & HBCU ROUNDTABLE 
* INTRODUCTION TO DB2 TOWN HALL MEETING 
IT SENIOR MANAGEMENT FORUM AWARDS BANQUET 
(ITSMF) -sponsored Walt Disney World 
Network with ClOs and Senior Management BDPA IT GOLF CLASSIC 
Professionals * PRAYER BREAKFAST 
HIGH SCHOOL COMPUTER COMPETITION CAREER FAIR & TECHNOLOGY EXPO 
Experience the excitement as high school Friday, August 9 10:00am to 6:00pm 
students display their skills and expertise in Saturday, August 10 10:00am to 4:00pm 
programming and technical presentations. * Free admission with resume 


Full 2-DAY Seminars!! 
Tuesday, August Wednesday, August 7th 
INTRODUCTION XML PROCESSING WITH JAVA™ 
DB2 UDB THE WORKSHOP FOR DBAS 


BDPA 2002 24TH ANNUAL NATIONAL CONFERENCE 
PHONE: (800) 727-BDPA _— FAX: (301) 220-2185 WEBSITE: WWW.BDPA.ORG 
6401 Golden Triangle Drive, Suite 450, Greenbelt, MD 20770 


IDG RECRUITMENT SOLUTIONS


The Diversity supplements from 
IMDiversity.com and IDG Recruitment 
Solutions are the only way to reach 
and recruit the most qualified and 
diverse IT and Engineering 
professionals in the United States. 


This powerful partnership is the 
answer to your print and online 
Diversity recruitment needs. 


August Diversity Issue: 

Latino Americans in IT 

Issue date: August 19, 2002 
Space reservation: August 7, 2002 
Materials due: August 15, 2002 
Bonus distribution: P/CKDiversity, 
Chicago, IL 


November Diversity Issue: TBD 
Issue date: November 11, 2002 
Space reservation: October 30, 2002 
Materials due: November 7, 2002 


For more information, contact Janis 
Crowley 800-762-2977, ext. 7607, 
or email at janis_crowley@itcareers.net. 


Recruit, retain, communicate and diy 
Technology
and Bio-IT 


supple 
address 


issue Bio-IT World, 

and will distributed 
the Women 


Conference 


San Diego, CA. 


Space limited and avail- 
able first come first 
served basis until August 
23rd. Call Janis Crowley 
today 
space. 


Computerworld 


All kinds of people.
All kinds of projects.


At Microsoft, diversity matters. 
Not just in the way we hire, but 


in every facet of our operation. 


Because ultimately, we believe 
that a diverse workforce will 

not only enrich our performance 
and products, but also the lives 
of our employees, and the very 
communities in which they live 


and work. 


For more information, visit our 
Web site. When applying for a 
position, please indicate Job 
Code A22y6-0715 in the
subject header. 


July 15, 2002 


One place. 


diversity.htm 


careers.com 


DATABASE SPECIALIST 


ADMINISTRATIVE INFORMA- 
TION TECHNOLOGY SER-
VICES (AITS) UNIVERSITY
OF ILLINOIS AT URBANA- 
CHAMPAIGN 


AITS has one full-time opening 
for a Database Specialist, 
available immediately at the 
Urbana-Champaign campus 
location of the University of 
Illinois.


The Database Specialist will 
work with AITS Data 
Administration and Systems 
Development and University 
ERP and Decision Support 
staff to establish, administer 
and maintain test, development, 
QA, CRP, training, regression
test and production enterprise-
wide database environments
for the SCT Banner ERP appli-
cation, bolt-on applications,
Enterprise Data Warehouse
and data marts in the client
/server environment.


We are looking for Database 
Specialists to plan, install, con- 
figure and administer database 
software and maintain data- 
bases/instances in accordance 
with industry-standard best 
practices, as well as provide 
performance tuning at the server 
and application levels; design 
implementation and support of 
procedures integrating Oracle 
advanced features into new 
and existing environments, 
including Advanced Security, 
Log Miner, Data Guard, Virtual 
Private Database, Automated 
space and memory manage-
ment, Oracle Flashback,
External Tables for data ware- 
housing etc. Defined duties 
include: primary support of 
Oracle and secondary support 
of Sybase database manage- 
ment systems; physical data 
modeling for the Enterprise 
Data Warehouse using Erwin; 
performance analysis and tuning 
of ERP applications, Business 
Objects universes and reports 
in both ERP and DS environ- 
ments and ad-hoc queries in 
EDW and data marts and 
administration and support of 
the Informatica ETL suite.
Additional responsibilities include 
defining, implementing, and 
monitoring environments and 
configurations, database require- 
ments analysis, security man- 
agement, design and imple-
mentation of back-up/recovery
and disaster recovery using 
RMAN & EMC Timefinder 
strategies, implementation and 
support of the Appworx sched- 
uling tool, deploying Oracle 
Enterprise Manager (OEM) as 
an enterprise-wide monitoring 
tool, implementation of central- 
ized name resolution strategies 
using LDAP, development of 
Perl & PL/SQL scripts to 
proceduralize database adminis-
tration tasks and troubleshooting
of production issues as they 
occur. Unix is used for database 
requirements analysis and cre- 
ation of scripts for execution of 
system application functions. 


Bachelor's in Computer Science 
or Electrical Engineering, two 
years experience in job offered 
or as a database analyst is 
required. Must have Oracle
DBA Certification.


The University of Illinois offers
a full benefits package that 
includes health care, dental 
care, life insurance, 24 vacation 
days a year, tuition waivers and
other benefits.


To apply for this position 
please submit a letter of appli- 
cation specifying position title, 
a resume, and the names and 
telephone numbers of three 
references who can verify your 
ability to carry out the duties 
described above to 
Administrative Information 
Technology Services 
50 Gerty Drive, MC/673 
Champaign, IL 61820 
Email: aitshr@uillinois.edu


The University of Illinois is an 
Equal Opportunity / Affirmative 
Action employer committed to 
excellence through diversity. 


DATABASE SPECIALIST 


ADMINISTRATIVE INFORMA- 
TION TECHNOLOGY SER- 
VICES (AITS) UNIVERSITY 
OF ILLINOIS AT URBANA- 
CHAMPAIGN 


AITS has one full-time opening 
for a Database Specialist, 
available immediately at the 
Urbana-Champaign campus 
location of the University of 
Illinois.


The Database Specialist will 
work with AITS Data 
Administration and Systems 
Development and University 
ERP and Decision Support 
staff to establish, administer, 
and maintain test, development, 
QA, CRP, training, regression 
test and production enterprise- 
wide database environments 
for the SCT Banner ERP appli- 
cation, bolt-on applications, 
Enterprise Data Warehouse 
and data marts in the client 
/server environment. 


We are looking for a Database 
Specialist to plan, install, con- 
figure and administer database 
software and maintain databases 
instances in accordance with 
industry-standard best practices, 
as well as provide performance 
tuning at the server and applica- 
tion levels; design, implementa- 
tion and support of procedures 
integrating Oracle advanced 
features into new and existing 
environments, including 
Advanced Security, Log Miner, 
DataGuard, Virtual Private 
Database, Automated space 
and memory management, 
Oracle Replication (Multi 
Master and Master snapshot), 
External Tables for data ware- 
housing etc. Defined duties 
include: primary support of 
Oracle and logical and physical 
data modeling for the Enterprise 
Data Warehouse using Erwin; 
capacity planning, performance 
analysis and tuning of ERP 
applications, Business Objects 
universes and reports in both 
ERP and DS environments and 
ad-hoc queries in EDW and 
data marts and administration 
and support of the Informatica 
ETL suite. Additional respon- 
sibilities include defining 
implementing and monitoring 
environments and configurations, 
database requirements analysis, 
security management, design 
and implementation of back-up 
/recovery and disaster recovery 
using RMAN & EMC Time-
finder strategies, implementation
and support of the Appworx 
scheduling tool, deploying 
Oracle Enterprise Manager 
(OEM) as an enterprise-wide 
monitoring tool, implementation 
of centralized name resolution 
strategies using LDAP, devel-
opment of PL/SQL scripts to
proceduralize database admin- 
istration tasks and troubleshoot- 
ing of production issues as they 
occur. Unix is used for database 
requirements analysis and 
creation of scripts for execution 
of system application functions. 


Bachelor's in Computer Science 
or Electrical Engineering, two 
years experience in job offered 
or as a database analyst is 
required. Must have Oracle 
DBA Certification 


The University of Illinois offers 
a full benefits package that 
includes health care, dental 
care, life insurance, 24 vacation 
days per year, tuition waivers 
and other benefits 


To apply for this position, please 
submit a letter of application 
specifying position title, a 
resume, and the names and 
telephone numbers of three 
references who can verify your 
ability to carry out the duties 
described above to: 
Administrative Information 
Technology Services 
Human Resources 
50 Gerty Drive, MC/673 
Champaign, IL 61820 
Email: aitshr@uillinois.edu


The University of Illinois is an
Equal Opportunity / Affirmative 
Action employer committed to 
excellence through diversity. 


CAREERS 


OH Manuf. of Eletr. Testing 
Instruments seeks Network and 
Communications Manager to 
provide network administration, 
support for company's worldwide 
LANs, file servers, network com- 
puters; oversee the configura- 
tion, upgrades, hardware pre- 
ventive maintenance; diagnosis, 
resolution of network related 
problems; support of Telecom- 
munications, Voice messaging 
systems; Troubleshooting; provide 
Software support; Data Replication 
& Development of Data Replica- 
tion Tools to assist in data sharing 
between Offices and Mobile 
Field Service Engineers; admin- 
istration of maintenance agree- 
ments with company's vendors; 
develop/implement the virtual 
private network for company's 
business; development, deploy- 
ment of in-house developed 
business systems/application 
databases; recommend/acquire 
PC related hardware/ software. 

Min. 2 yrs. in-job exp., including 

Novell Netware Servers; Novell 
CNE, Microsoft NT Servers; Lotus 
ccMail; Lotus Notes Server; 
mobile communications experi- 
ence over a global area; network 
security; management experience. 

Travel req. Resumes to P.O. Box 
568, 44 East Exchange Street, 
Akron, OH 44328. No calls. EOE. 


Computer Systems Analyst who 
will plan, analyze, design, develop 
and enhance ERP and client 
server based applications using 
working knowledge of People- 
Soft Financials 6.0/7.0/7.5/8.4, 
PeopleCode, People Tools, SQR,
Crystal Reports and nVision. Will 
design, implement and cus- 
tomize PeopleSoft HRMS and 
Financial Applications using 
SYBASE, UNIX, JDBC, PL/SQL, 
Oracle 8.x, Windows NT/98, 
Java 2.0 and JDK. Applicant 
must have at least five and one 
half years experience planning, 
analyzing, designing and en- 
hancing ERP and client server 
based applications. Applicant 
must have working knowledge 
of PeopleSoft Financials 6.0/
7.0/7.5/8.4, PeopleCode, People
Tools, SQR, Crystal Reports,
nVision, SYBASE, UNIX, JDBC,
PL/SQL, Oracle 8.x, Windows
NT/98, Java 2.0 and JDK. Appli-
cant must have a Bachelor's
degree or foreign degree equiv- 
alent in Engineering or Computer 
Science. Work involves extensive 
travel and frequent relocation.
$70,500/year, 40 hours/week,
9:00am-5:00pm. Send resume,
listing Job Order Number WEB 
253751, to JS Supervisor, Green 
County Team PA CareerLink, 4 
West High Street, Waynesburg, 
PA 15370-1324. 


PROGRAMMER/ANALYST to 
analyze, design, develop, test 
implement and maintain business 
critical credit card application 
software in a client/server envi- 
ronment using C, C++, Oracle, 
Pro*C, PL/SQL, SQL*Loader, 
SQL Plus Reports and Visual 
Basic under UNIX and DOS 
operating systems. Require: B.S. 
degree in Computer Science 
Engineering, Management Infor-
mation Systems, or a closely
related field with two years of 
experience in the job offered 
Competitive salary offered. Send 
resume to: Debra L. Crow, 
Citibank Universal Card Services, 
8787 Baypine Road, Jacksonville, 
FL 32256; Attn: Job PN 


Business Objects has an opening 
for the position of Computer 
Systems Analyst to be based out 
of our Chicago, IL office. The 
Computer Systems Analyst has 
an overall responsibility for data 
warehousing, client/server appli- 
cation design & development 
The position requires a min. of a 
Bachelor's degree or equivalent 
in Computer Science, Information 
Systems, Business (MIS) or re- 
lated & two years experience in 
IT or Consulting/Development 
To apply for a position visit our 
website at www.businessobjects. 
com/careers or forward your 
resume (ref |W0402) to: Business 
Objects Americas, Attn: Staffing 
3030 Orchard Pkwy, San Jose, 
CA 95134. EOE 


IVR PROGRAMMER/ANALYST 
to analyze, design, develop, con- 
figure, implement and test soft- 
ware and databases for voice 
network using Edify IVR; Design 
and develop speech recognition 
software using Nuance and 
DialogBuilder APIs; Design, test 
and implement CTI systems using 
Nortel TAPI server and CT 
Connect; Analyze and report 
CCMIS; Integrate IVR systems 
with PBXs, ACDs including
Rockwell and Aspect, and data- 
bases including Oracle. Require: 
B.S. degree in Computer Science, 
an Engineering discipline, or a 
closely related field with two 
years of experience in the job 
offered or as a Systems Analyst 
Extensive travel on assignments 
to various client sites within the 
U.S. is required. Competitive 
salary offered. Send resume to: 
Harish Krishna, VP IVR/Speech
Solutions, Sages Networks Inc., 
1106 Briarcliff Place, Atlanta, 
GA 30306; Attn: Job VC.


SENIOR SOFTWARE ENGI- 
NEER to design, develop, test, 
implement and support application 
software for the telecommunica- 
tion industry using object oriented 
programming, J2SE, J2EE, C, 
C++, Java, UNIX Shell Scripts, 
EJB, CORBA, UML and Visio 
under UNIX, Windows and DOS 
operating systems. Require: M.S 
degree in Computer Science, 
Systems Science, or a closely 
related field with two years of 
experience in the job offered 
or as a Programmer/Analyst 
Extensive travel on assignment 
to various client sites within the 
U.S. is required. Competitive 
salary offered. Send resume 
to: Roz L. Alford, Principal, ASAP 
Staffing LLC, 3885 Holcomb 
Bridge Rd., Norcross, GA 
30092; Attn: Job AM. 


SPL-WorldGroup is an interna- 
tional builder of customer infor- 
mation systems for utility com- 
panies. We are currently looking 
for individuals to work in our 
development centers in San 
Francisco, California; Morristown, 
New Jersey; Chicago, Illinois and
other various unanticipated sites 
throughout the United States as: 
Programmer Analysts 
Systems Analysts 

Database Administrators 
System Administrators 
Software Engineers 

“Travel is required for some 
positions. 

SPL WorldGroup, Inc. 

75 Hawthorne Plaza, Suite 2000 
San Francisco, CA 94105 

Attn: Jennifer Bowman 

Fax: 415-977-4551 

E-mail 
jennifer_bowman@splwg.com 


Prog./Analyst. Job location 
Overland Park, KS. Duties: 
Resp. for testing & verifying code 
for Telecom. PCS IT AD testing 
lab using Silk Test. Support 
testing activities for key develop. 
efforts & support system environ. 
Develop, write & maintain test 
guidelines, test cases & scripts. 
Determine test requirements & 
coord. test scheduling. Conduct 
systems integration tests, load 
testing & perform functional test- 
ing using Segue Products & 
Rational Products incl. Rational 
Test Suite. Requires: B.S. in 
Comp. Sci., Info Tech., Eng. or a 
related field & 2 yrs. exp. in the 
job offered or 2 yrs. exp. as a 
Systems Analyst or Prog. Will 
accept any comb. of educ. & exp. 
equiv. to a B.S. degree. Concurrent 
exp. must incl. 2 yrs. exp. per- 
forming functional testing using 
Rational Test Suite & 2 yrs. exp. 
developing & writing test cases 
& scripts. Send resume (no calls) 
to: Danielle David, CTG, Inc., 
13220 Metcalf Ave., Ste. 140, 
Overland Park, KS 66213. 
DATABASE ADMINISTRATOR
to administer, design, develop, 
maintain and support OLTP and 
DSS using SQL, PL/SQL, 
Stored Procedures, Functions, 
Triggers, packages and SQL*Plus 
on SUN Solaris Platform with 
Oracle Parallel Server and Oracle 
Advanced Replication options; 
Develop procedures to extract, 
transform and load data from 
legacy systems into Data Ware- 
house databases using FTP 
tools, SQL*Loader, UNIX Shell 
Scripting and PERL Scripting; 
Perform backup recovery using 
RMAN, Net Backup, Veritas and 
Export/Import utilities; Tune Oracle 
databases for optimal performance 
using STATSPACK; Estimate 
hard disk and memory require- 
ments using UNIX tools; Monitor 
database activity using OEM and 
TOAD. Require: Master's degree 
in Computer Science, an Engi- 
neering discipline, or a closely 
related field with two years of 
experience in the job offered. 
Extensive travel on assignment 
to various client sites within the 
U.S. is required. Competitive 
salary offered. Send resume to: 
Krishna Mupparaju, Data Matrix 
Associates, Inc., 102 Furlong 
Court, Frankfort, KY 40601 Attn 
Job ST. 


COMPUTER/IT 

RICE / HR Technical Developer. 
(Troy, MI). Req. Bachelor's degree
or equiv. foreign educ. in comp. 
science, mgmt. info. systems, or 
eng. field, & 2 yrs.’ exp. in the 
job offered or 2 yrs.’ exp. in the 
development, implementation 
& support of SAP R/3 Human 
Resources module, including 
Personnel Admin., Personnel 
Development, Time Mgmt. & 
Payroll sub-modules, using ABAP 
/4. All stated exp. must include 
the following: the use and con- 
figuration of ALE (application link 
enabling); implementation of user 
exits and BADI's (business add- 
ins), & BAPI's (business appli- 
cation programming interfaces); 
creation of Custom Infotypes; & 
performance tuning of SAP R/3 
transactions & programs. Exp. 
must include one full life-cycle of 
SAP R/3 development. 40 hrs./ 
wk. 9:00-5:00. Apply with resume 
to Jennifer McKenzie, Delphi 
Corporation, 5825 Delphi Drive, 
Troy, Michigan 48098. EOE 
Reference #0803 when applying, 


SR. SAP ENGINEER/CONSUL- 
TANT to analyze, design, devel- 
op and implement customized 
software applications using SAP 
R/3; Consult with and mentor 
client personnel in the Logistics 
and Financial components of 
the SAP R/3 software; Design, 
develop, implement and integrate 
complex client -server solutions, 
including infrastructure and 
organizational structure. Req 
Bach. deg. (or foreign equiv.) in 
Comp. Info. Systems, Mgt. Info. 
Systems, Business Admin, or 
a related field, with 3 yrs. of exp.
in the job offered or as a SAP 
Consultant. Prior exp. must include 
3 yrs. using SAP R/3. Competitive 
salary and benefits. Send resume 
to: Pieter Badenhorst, TExperts, 
Inc., 7740 Roswell Rd., Suite
600E, Atlanta, GA 30350 


Oracle database administration 
including installation, 
configuration, tuning, back-up 
and recovery. Required: 
Master's degree in Comp 
Sci/Eng/Related or equivalent; 
and, certification as Oracle 
Database Administrator. In 
Bellevue, WA. Resumes to: 
Logical Networks, Inc. 
Human Resources, 

4224 6th Avenue, Bldg 2, 
Lacey, WA 98503 


Raj Consultants, Inc., a software
consulting/project development 
company has multiple openings 
nationwide for Programmer/Sys- 
tems Analysts, Software/Com- 
puter Engrs., Database/Systems 
Admins., Database Analysts, 
Unix/Network/NT Admins., and 
Project Leaders with experience 
in the following: Unix, C/C++, 
Java, EJB, JDBC, Corba, Visual 
Basic, PowerBuilder, Oracle, 
Dev. 2000, Sybase, Windows NT, 
ASP, Crystal Reports, ERWin, 
Perl, HTML/DHTML, VBScript, 
Sun Solaris, SCO Unix, Net- 
working Protocols, AS/400, Client 
/400, VAX/VMS, Vignette Story 
Server, Perl, TCL, Novell Net- 
Ware, Visual SourceSafe, ActiveX 
controls, Lotus Notes, Cobol, 
PeopleSoft, JDEdwards Integra- 
tion, WebMethods, and MS Office 
tools. Some openings require 
bachelor's degree, some master's
degree with at least 2 or more 
yrs exp. Equivalent degree and 
exp also accepted. Exc. pay & 
benefits. Travel and relocations 
may be required. Pls indicate 
the position you are applying 
for. Email resumes to: raj@ 
fci-consulting.com or mail to: HR 
Dept., Raj Consultants, Inc.,
1133 Green Street, Iselin, NJ 
08830. 
Principal Consultant needed at
client sites to lead full cycle
implmtn, maintain & support
Oracle E-Business Suite. Apply
to ThoughtDigital, 48 Broad St,
Red Bank, NJ 07701. 


IT Firm with operations based in 
Alexandria, VA has multiple 
openings for IT professionals. All 
positions require related college 
degrees and relevant skills. Some 
of the skill sets needed include: 
Design & development of Oracle 
based applications 
* Oracle DBA 
* Software testing using manual 
and/or automated tools 
*Web-based applications 
development using JAVA, HTML, 
SQL Server, JAVA SERVELETS 
EJB 
Entry, mid-level, & senior level 
positions available. Competitive 
salary. Send resume to kmulder 
@realeum.com. AN EQUAL 


OPPORTUNITY EMPLOYER. 


Consulting Inc. 


TOP $$'s, W2 or 1099 


We are a fast growing 
Consulting company based 
in North Carolina. 
Excellent opportunities for 
Programmers, 
Systems Analysts, DBAs. 


Sun Solaris System Admins, 
Natural, Powerbuilder, 
ADABAS, ORACLE, SYBASE, 
PROGRESS, COBOL 
TCP/IP, Delphi/VB, Windows NT


Send your resume to 
Rod McFadden 
Kama Consulting 
Fax: 704-896-9660 
Email: Kamaco@aol.com


Developer/Analyst; Perform life 
cycle application development in 
areas including Oracle, & DBMS 
applications, object oriented 
design & development & GUI
development. Job sites throughout 
US. Apply to: Aljona Interservice, 
LLC, 791 Robert Treat Drive, 


Orange, CT 06477 


IT careers and 
ITcareers.com reach 
more than 2/3 of all US 
IT workers every week. 
If you need to hire top 
talent, start by hiring us. 


Call your IT careers 
Sales Representative or 
Janis Crowley at 
1-800-762-2977. 


ITCAREERS 
where the best get better 
Cap Gemini Ernst & Young U.S.
LLC is currently seeking 
individuals to fill Consultant and 
Manager positions in multiple 
locations nationwide, and in 
California including the Orange/LA 
counties area, San Jose area 
and the San Francisco Bay area 
To apply, please select 
Careers/Job Search at 
www.us.cgey.com and then 
Doorway to Opportunity. Use 
password 50861 for Manager or 
50862 for Consultant. 


Software Engineers needed; Im-
plement Oracle applications at
client sites; Perform conversions 
and develop migration plans for 
importing legacy financial data in 
to Oracle modules. Work with 3 
of the following: Oracle, UNIX,
SQL Server, Shell Scripting, Re- 
ports or Developer. Requires 
MS/BS degree or equivalent 
and/or relevant work experience. 
Mail resume, references and 
salary requirements to: Data 
Road Inc., 10151 Deerwood 
Park Blvd., Bldg. 100, #120,
Jacksonville, FL 32256 


Smartsoft 

Programmer Analyst (2 positions) 
to analyze, develop and maintain 
web and client server appls using
Java, XML, HTML, VB, Active X, 
Oracle, etc under Windows OS; 
perform database monitoring 
and quality control, coding and 
testing of projects; generate 
batch reports from existing data 
and debug for better perfor- 
mance. Require: BS or foreign 
equiv in CS or Engg (any 
branch) with 6 months exp in 
IT. Travel to client site in US. 
Competitive salary. F/T position 
Send Resume to: Smartsoft 
International, Inc., 4898 South
Old Peachtree Road, Suite 200, 
Norcross, GA 30071. 


Computer/ITAS Professionals: 
INFOERA SYSTEMS, INC., a 
Delaware Corporation has 
multiple openings nationwide 
to research, analyze, design, 
develop, test and implement 
computer based programs and 
systems. Willing to Travel and 
relocate any where in US. 
Expertise /skills in RDBMS, 
Oracle, Sybase, MSSQL, PL 
/SQL, OOPS, C/C++, VB, ASP, 
XML, CFML, Java, J2EE, JSP, 
JMS, JMAPI, JDBC, EJB, JRun, 
Web Logic. Qualified candidates 
must have a Bachelor's or Master's 
degree in Computer Science 
or equivalent and 2+ years of 
progressive work experience. 
Ref: IESI0O2PR1. Apply by visiting
www.infoerasystems.com or Fax
your resume to 732-926-8376. 


SYSTEMS ANALYST-Quantita- 
tive- based financial manage- 
ment firm seeks Systems Analyst 
to provide software support & 
database management for com- 
puter-driven trading & accounting 
systems in a networked Sun/ 
Solaris UNIX environment. Duties 
include software development, 
maintenance & testing for equities 
database & various reporting 
programs. Successful applicants
must have Master's in Computer 
Science & at least one year 
experience in job duties or one 
year exp. as Systems Analyst/ 
Software Engineer. Salary accord- 
ing to experience. Mail resume 
to RTC, 600 Route 25A, East 
Setauket, NY 11733, Attn: RMSB 


Information Systems Engineer 
wanted in Conroe, TX to set up, 
implement and manage infor- 
mation systems and network for 
order entry, inventory control, 
production and cost accounting 
systems, ensuring compliance 
with international petroleum 
industry standards. Req. B.Sci 
in Comp. Sci or Eng. plus 2 
yrs exp. in the job, Mail resumes 
to Mr. Tony Deeb, President, 
Packard International, Inc.,
22397 White Oak Drive, Conroe, 
TX 77306. No phone or fax. 


Software Engineer II - ABAP/
SAP Conduct needs anal. & 
determine SAP-based IS req. in 
Materials Management, Sales,
Accounting & Financial areas,
using appropriate SAP R/3 mod- 
ules. Design, develop, install, 
maintain & upgrade syst., soft- 
ware & servers. Develop SAP 
R/3 applications, & integrate w/
web & other syst. using ALE/ 
EDI, idocs, BAPI, RFC, SAP 
Connectors, Middleware. B.S. or 
equiv. in Computer Sci. or related 
Engineering field, + 2 yrs exper. 
Send resume to VP, HR, En 
Pointe Technologies, 100 N 
Sepulveda Blvd., 19th Fl., El
Segundo, CA 90245 


Rapattoni Corporation is 
looking for a Sr. Magic 
Applications Programmer/ 
System Analyst. Applicant 
should have BS or equivalent 
w/skills of Magic Program- 
ming & Btrieve. Job site/ 
interview: Simi Valley, CA 
Please email your resume 


to: Bret@rapattoni.com


GUI Software Developer (Char- 
lotte, NC): Design, develop, inte-
grate implement & test N-tier, 
client-server-database applica- 
tions. Work w/ Microsoft Visual
InterDev ASP, java-script, HTML,
ActiveX, environment; 
Work w/ multiple databases 
Integrate existing applications 
into Microsoft Net Framework 
using ASP.Net, VB.Net,C#. Req 
BS or its foreign degree equivalent 
in C. Sc. + 2 yr. exp. in job offered 
Resume to Personnel manager. 
WebTone Technologies, 3390 
Peachtree Rd, Ste 600, Atlanta, 
GA 30326 


TX software and development 
Co. seeks Software Eng. to 
assist with the analysis, design, 
code, test and implementation 
for the applications; system 
development life cycle method- 
ologies and relational database 
design. Min. requirements 
Bachelor's Degree in Computer 
Information Systems or equiv. 
based on a credentials evalua- 
tion, and 3 months exp. in-job or 
job-related including experience 
with Oracle 8i/9i, PDM with 
eMatrix (MOL, Java ADK), Tcl/Tk, 
Oracle Designer 6/6i, Erwin, 
Oracle 9i Oracle forms (web),
Oracle Reports (web), Pro*C, Sql
Loader, PL/SQL (cartridges) 
J2EE, Unix Shell Scripting, Data 
Migration, developing test scripts, 
JAD facilitator, data warehouse 
with Cognos. Resumes to 
Inforide Technologies LLC, 8705 
Shoal Creek Blvd, Suite #108,
Austin, TX 78757. No calls. 


Dir of Development to provide 
technical leadership to analyze, 
design & implement appls using
Delphi, Java, VB, ERWin on 
Windows OS; manage databases 
using Oracle, Dev 2000, Ms 
Access, SQL, etc; interacts with 
business users to gather require- 
ments; review project requests 
and prioritize; assign, direct, 
manage development team; 
plan/execute QC policies. Req 
MS in CS / Engg. (any branch) 
with 3 yrs exp in job offered. 
A BS or foreign equiv in CS or 
Engg (any branch) with 5 yrs of 
relevant progressive exp will also 
be accepted. Highly competitive 
salary. F/T position. Resume to 
HR, Get Proof, Inc., 3050, Royal
Blvd South., Ste 195, Alpharetta,
GA 30022 


SOFTWARE ENGINEER 
DotCom. Team is looking for Soft- 
ware Engineers. The candidate 
must have extensive experience 
in internet technologies like Web 
Methods, Vignette Storyserver, 
Java, VC++, JSP, XML, ASP etc. 
The job will require travel to 
client sites throughout the US. 
Min. req. include a BS in Engg. 
or a subspecialty field in engg., 
or math, computer science, or 
physics, and five years of pro- 
gressive work experience as a 
Software Engineer., or a Master's 
degree in one of the above fields 
and 2 years of progressive 
experience as a Software Engi- 
neer. 

DotCom.Team, LLC 

Attn: Bharat Agrawal 

22 River St., Suite A-4 
Braintree, MA - 02184 

Email - bharat@dotcom-team.com 


Market Research Analyst II,
E-Commerce/B2B: Conduct mkt 
research for computer products 
& services to determine potential 
& maintain & improve sales 
& mkt penetration. Establish, 
design & administer formats for 
mkt research & analysis, prepare 
reports & analyses, & use to help 
determine mkting strategy & 
focus. Train & supervise staff & 
junior analysts. Follow up to 
determine effectiveness of 
methods & efforts of competitors. 
BA or equiv + 1 year. Respond to 
VP, HR, En Pointe Technologies, 
100 N Sepulveda Blvd, 19th Fl,
El Segundo, CA 90245. 


Director, Bus. Planning, E-Com- 
merce/B2B. Formulate policy 
& strategy to identify alliance 
partners & institutional customers 
for services, & forge alliances. 
Develop & oversee gathering & 
analysis of demographic, market, 
products, etc. data; interface w/ 
mgmt, sales & mkting groups to 
focus & implement strategy. 
MBA & min. 2 yrs. experience in 
same or related area. Send 
resume to VP, HR, En Pointe 
Technologies, 100 N. Sepulveda 
Blvd., 19th Fl., El Segundo, CA
90245. 


Special Projects Director for 
company located in Grand 
Prairie, Texas. 40-hour week, 
8a-5p, Masters or foreign degree 
equivalent in Computer Science 
and 1 year experience as a 
Systems Analyst. Supervise 1 
employee. Responsible for IT 
project management including 
planning, designing and imple- 
menting technology solutions in 
order to reduce production costs 
and increase efficiency. Fax 
resume to Human Resources 
972-642-9987 


Software Engineers (2 positions) 
to analyze, design develop web 
based client/server appls using
VC++, HTML, Java, Beans, JSP,
EJB, XML, VB, Servlets, PL
/SQL, Oracle, MS Access under
Windows, UNIX, & Weblogic
appl server platforms; design/
develop prototype models (Use- 
Case) using Rational Rose; trouble 
shoot S/W and H/W problems 
and recommend upgrades; in- 
teract and mentor other project 
team members & end users. 
Require: MS in CS or Engg. (any 
branch) with 3 yrs exp in IT. BS
or foreign equiv in CS or Engg 
(any branch) with 5 yrs of rele- 
vant progressive exp will be 
accepted. Competitive salary. 
Req. travel to client sites. F/T. 
Resume to: Unilinx, Inc., 4625
Alexander Dr, Ste 110, Alpharetta, 
GA 30022 


QUALITY CONTROL ENGI- 
NEER- Quantitatively-based 
financial management firm seeks 
experienced Quality Control 
Engineer for its Database de- 
partment. Duties include running 
estimations & simulations of 
market software, analyzing 
results & tracking unexpected re- 
sults or bugs through complex
mathematical algorithms requiring 
knowledge of linear algebra & 
advanced statistical methods. 
Successful applicants must 
possess Master's degree in 
Computer Science and at least 
one year experience in job duties 
or one year experience as 
Systems Analyst working with 
financial instruments software. 
Salary according to experience 
Mail resume to RTC, 600 Route 
25A, East Setauket, NY 11732, 
attn: RM. 


SavaJe Technologies Inc. has an 
opening in its Lisle, IL office for a 
Software Developer II who has a
Bach. in Computer Sci. or Eng. & 
5 yrs C/C++ prog. exper., incl. 2 
yrs of exper. w/ Java & exper. 
w/ Visual Studio, JavaSpace, 
implementation of Java API 
class libraries & utilizing object- 
oriented modeling technique 
methodologies. Interested can- 
didates should send resume 
to Ref. SDil, Julie A. Geren 
Human Resources Manager, 11 
School Street, North Chelmsford,
MA 01863. 


Consit. Comp. req. Progg 
Analyst w/BS degree or equiv 
equivi. & 18 mos. exp. Des. and 
Dev. automated control system's 
Embedded device process to 
control valve system with C/
Unix/USX/Sea-change. Des 
process for remote server to 
get automated device status 
remotely using C/Unix. Dev. 
process for control device 
screens W/C. Des. in house 
modbus and distribution protocol 
for client-server control system.
Travel to various client sites 
anywhere in US is required 
Send res to Recruiter, Hirsh 
Information Sys, Suite #L, 10 
Ari Dr, Somerset, NJ 08873. 


Software Engineers & Program- 
mers. Analyze, design, develop 
and test applications for online 
security and utility industries 
in C, C++, Java, MQSeries, 
Websphere Application Server 
4.0, Oracle, DB2, PL/SQL, UML, 
Security API's, PKI, Rational 
Rose, XML, Servlets, EJB, J2EE
and related security technologies. 
Prevailing wage/benefits. Con- 
sulting positions requiring travel 
to client sites. Send resume to 
HR, Trinsol, Inc. 1205 Spring
Ridge LN, Flowermound, TX 
75028. 
Seeking qualified applicants
for the following positions in 
Memphis, TN: Sr Business 
Application Analyst: Coordinate 
/serve as liaison between tech-
nical developers and users/ 
customers. Requirements: bach-
elor's degree* in computer sci-
ence, math, statistics, business 
or related field plus 5 years of 
experience in analyzing business 
systems and developing technical 
automated solutions. Experience 
with PeopleSoft applications. 
SQR and Informix also required. 
Senior Programmer Analysts 
(2): Formulate/define functional 
requirements and documentation 
based on accepted user criteria. 
Requirements: bachelor's degree* 
in computer science, MIS, engi- 
neering or related field plus 5 
years of experience in systems 
/applications development. Ex- 
perience with Oracle and UNIX 
scripting also required. *A master's 
degree in the stated field can 
offset 2 years of required expe- 
rience for any of the positions. 
Please indicate which position 
you are applying for on your 
resume. Submit resumes to Sibi 
George, FedEx Corporate 
Services, 1900 Summit Tower 
Blvd., Suite 1400, Orlando, FL 
32810. EOE M/F/D/V. 


Senior Software Engineer - 
Design & implement Network 
Management System software 
on Cisco platform using Cisco 
Element Manager Framework, 
C++, Unix & Object Oriented 
design & development method- 
ologies. Design management 
systems software by analyzing 
Management Information Base 
& develop Network Management 
System software using Simple 
Network Management Protocol. 
Must have Master's degree in 
Computer Science, Electrical 
Engineering or related field & 
one year of experience as Soft- 
ware Designer Communication 
Network Management. To apply 
Send resume to attn: Angie 
Lebitz, Cyberwerx, Inc. 13000 
Weston Parkway, Ste. 109, Cary, 
NC 27513. 


SOFTWARE ENGINEER-Quan- 
titative-based financial manage- 
ment firm seeks Software Engi- 
neer for its Production department. 
Duties include: develop & maintain 
computer links between futures 
trading system & trading desk; 
write new programs for real-time 
data area & real-time systems, 
including programs to handle 
real-time aspects of data feeds 
& serving data in real-time to 
(program) clients; create/verify 
mathematical trading models 
for real-time trading systems. 
Successful applicants must 
possess Master's in Computer 
Science, Mathematics or Physics 
& at least one year experience in 
job duties or one year experience 
as Software Engineer engaged 
in theoretical analysis. Salary 
according to exp. Mail resume 
to RTC, 600 Route 25A, East 
Setauket, NY 11733, Attn: GHEV 


F/T Software Applications Engi- 
neer. Responsible for modifying 
and/or enhancing new as well as 
existing applications. Analyze 
business requirements & design 
& develop documentation to 
support business requirements 
& specify software design changes 
as well as implement & test 
designs. Work w/ multi-threading, 
MS Visual C++, COM, C, C++, 
UML, Rational Rose, VB, Star 
Team & Visual Source Safe. 
Must have Bachelor's degree in 
CS, Electronic & Communications 
Engin. or related field. Foreign 
degree equivalent accepted. 
Must have 5 yrs. exp. in job 
offered or position w/ same 
duties. Send resume: 
dgorga@ups.com or UPS, Job Code 
ISSCW, P.O. Box 833, Mahwah, 
NJ 07430, Attn: Deborah Gorga, 
Human Resources, B-098. 
SOFTWARE QUALITY 
ANALYST & DATABASE 
ADMINISTRATOR 


ADT Security Services, Inc., the 
leading electronic security ser- 
vices company, has immediate 
openings in its Boca Raton office 
for experienced Software Quality 
Analysts and Database Admin- 
istrators. 


Software Analysts will analyze 
system integration and compati- 
bility issues with business analysts 
and development teams, design 
and write procedural documents, 
analyze software functionality 
versus business process issues 
and work with users during train- 
ing. 


DBAs will be responsible for the 
administration of several pro- 
duction and development data- 
bases, analyze database re- 
quirements of user departments, 
design, develop and modify tests 
and debug databases. 


Software Quality Analysts and 
DBAs must possess a bachelor's 
or its equivalent in computer 
science, engineering or a related 
technical field and relevant work 
experience. Work experience for 
Software Quality Analysts must 
include Oracle Applications 
Databases/Tools and PL/SQL 
and writing and maintaining 
automated test scripts. 


Work experience for DBAs must 
include Oracle database admin- 
istration tools and techniques, 
Windows 95/98, SQL, UNIX (in- 
cluding shell script programming, 
shell interfaces and basic system 
administration) and with the con- 
figuration, performance tuning, 
maintenance, planning and design 
of databases. 


Resume and/or cover letter must 
reflect each requirement above 
and specify reference code 
SQA/DA or it will be rejected. 


Forward resume to Theresa 
Maia, ADT, One Town Center 
Road, Boca Raton, FL 33486- 
1010. 
WEB DEVELOPER 


EXECUTIVE GREETINGS, INC., 
a business-to-business direct 
marketing company, has an im- 
mediate opening in New Hartford, 
Connecticut, for a Web Developer. 


Evaluate complex business needs 
to determine technical solutions 
to problems or improvements 
to the business environment. 
Create new systems by conferring 
with users to determine their 
software needs. Apply technical 
and business solutions and use 
data structure design and pro- 
gram technologies to satisfy user 
requirements. 


Must possess a bachelor's degree 
or its equivalent in Computer 
Science or a related field and rel- 
evant work experience, including 
Windows NT/98, Sun Solaris, 
Java, Java Script, HTML, XML, 
Oracle, SQL Server, ASP, C++, 
EJB, J2EE, JSP, and Weblogic. 


Resume and/or cover letter must 
reflect each requirement above 
and specify reference code WD 
or it will be rejected. 


Forward resume to: Lucy 
Chwaszczynski at Executive 
Greetings, Inc. 120 Industrial Park 
Access Road, New Hartford, CT 
06057 


Software Engineers needed. 
Seeking qual. cand. possessing 
MS/BS or equiv. in ICS, CS, EE 
or related and/or relevant work 
exp. Design, implement, test & 
support device drivers & kernel 
software for a high performance, 
headless CISC server. Part of 
the relevant exp. must include 1 
of the following: I2C & SPI, NIC 
& Serial. System and/or Board 
bringup exp. highly desirable 
as is embedded systems 
development exp. Mail resume & 
ref. to: Newisys, Attn: HR, 10814 
Jollyville Blvd, Bldg. 4, #300, 
Austin, TX 78759 


Computerworld InfoWorld 


SENIOR SOFTWARE 

ENGINEER 
Performs engineering functions 
required to design, debug, and 
document software products 
for customers as part of custom 
fastening equipment and systems. 
Specific duties: review cus- 
tomer’s functional specifications, 
and work with customers to en- 
sure software product design will 
satisfy documented requirements; 
responsible for preparation of 
functional and design specifica- 
tions, implementation details, 
coding and debugging, and 
source code documentation 
required for execution of a 
defined software project; provide 
technical liaison with outside 
software contractors and cus- 
tomers when required; prepare 
specifications for hardware and 
design services to be purchased 
or built per contract; work with 
suppliers and purchasing per- 
sonnel to evaluate quotes on 
such goods and services; work 
with engineering and plant per- 
sonnel to develop system inter- 
faces and controls methods; 
work with internal production 
personnel in manufacturing, 
assembly and test of systems to 
resolve build problems related to 
software applications; prepare 
test procedures and documen- 
tation of test apparatus required 
to prove conformance with stated 
requirements prior to delivery or 
acceptance by customer; work 
with service personnel and cus- 
tomer contacts to diagnose and 
resolve technical problems or 
modifications required in the 
field; notify customer contact of 
any design considerations that 
require deviations from stated 
scope of supply or compliance 
with customer requirements; 
assure all technical changes are 
authorized by company prior to 
execution; assume responsibility 
for all documentation and follow 
through on changes in a timely 
manner; create, write, and update 
technical users manuals covering 
proper operation of software 
products offered by company; 
and work with customer contacts 
to execute any changes in scope 
of supply or deviations to com- 
pliance in requirements as 
authorized by company. Require 
a BS with major in Computer 
Science or Electrical Engineer- 
ing and minimum of 3 years of 
related job experience in em- 
bedded microprocessor software 
/firmware design or industrial 
application software design at 
controller or server levels, in- 
cluding experience with DOS 
Based platforms (X86 family and 
Pentium), software (C++, Windows 
family of operating systems), 
and networks (RS-232, RS-485, 
Ethernet). Position is full time, 40 
hrs per week, 8:00 am - 5:00 
pm. Job site: Auburn Hills, MI. All 
applicants must have legal right 
to work in the US. Apply to: Tom 
Kosmata, CooperTools, 4121 
North Atlantic Blvd., Auburn 
Hills, Michigan 48326 

EOE m/f/v/h 


Systems Analyst. Competitive 
salary 40 - 50 hrs/wk. Responsi- 
ble for extending, developing and 
designing client interfaces to 
automate client's business re- 
quirements. Internet and Intranet 
Web design and development. 
Analyze client's business needs, 
perform feasibility studies, design 
process and data models based 
on requirement analysis, build 
physical data models, develop, 
implement and test applications. 
Lead a team of developers to 
web enable procurement system 
running on AS/400. Tools used: 
ORACLE, Developer 2000, De- 
signer 2000, Crystal Report, 
Java, VisualBasic 6.0, Project 
Library, PL/SQL, Pro*C, SQL 
Plus and JWalk. Require a BS in 
Computer Science with 2 years 
on the job experience or 2 years 
of Web design and development 
which must have included spe- 
cialized web development tools 
and software Java, J Developer 
and JWalk. Must have proof of 
permanent legal authorization 
to work in the US. Send resume 
& cover letter documenting 
minimum qualifications to: Behura 
Somdutt, Manager, Career & 
Consulting Services, 6250 West- 
park Drive, Suite 325, Houston, 
TX 77057, EEO. 


National Instruments Corp., 
based in Austin, TX is currently 
seeking to fill multiple positions 
in the following: 


Software Engineers 

Research, dsgn & dvlp s/ware in 
mainly C/C++ using OO dsgn & 
s/ware dsgn principles. Must have 
Bachelors in Engg, or Comp Sci, 
Physics or Math. CODE: CWSW 


Computer Hardware Design 
Engineers 

Research, dvlp & manage pro- 
jects in data acquisition, signal 
conditioning, industrial commu- 
nication, instrument ctrl, image 
acquisition, embedded controllers 
& ASIC prdcts using dsgn tech- 
niques in analog & digital circuit 
dsgn, comp architecture, com- 
munication bus interfacing & digital 
signal processing. Must have 
Bachelors in Engg, Comp Sci, 
Physics or Math. CODE: CWHW 


Programmer/Analysts (Business 
Processes) 

Plan, analyze, dsgn, dvlp & test 
s/ware using Oracle, Lotus 
Notes, Web; use GUI & object- 
oriented dsgn to dvlp user inter- 
faces & data entry screens that 
support business functions. Must 
have Bachelor's in Info Sys, 
Comp Sci or Business Admin. 
CODE: CWPA 


Fax resumes to: HR Department 
at 512-683-6924. Job Code must 
appear on resume. 


NE OH Software Consulting Co. 
seeks SAP Consultant for devel- 
opment programming in client/serv- 
er computing environments; data 
conversion, enhancement develop- 
ment, configuration analysis, re- 
vising systems in conjunction 
with customer requirements; 
analysis and programming of 
user requirements and recom- 
mendation of best alternatives; 
detailing SAP ABAP/4 module 
requirements for programming of 
the existing SAP package; trans- 
lating customer requirements 
into codes and descriptions for 
entry into SAP ABAP/4 parame- 
ters; integrating programs to 
translate user requirements into 
specific applications software of 
the SAP module, utilizing the 
specialized package develop- 
ment software (ABAP/4); pro- 
gramming and testing program 
for errors. Min req. Bachelor's 
Degree in Comp. Sci. or equiv. 
based on a cred. eval. and 1 yr. 
In job or job related exp. in SAP 
Business Process Software Ver- 
sion 3.0e, Oracle, UNIX system, 
SAP ABAP/4 Version 3.0e devel- 
opment application language. 
Travel req. Resumes to HR, 5800 
Landerbrook, Mayfield Hts., OH 
44124. No calls. EOE 


Protech Solutions, Inc. delivers 
innovative IT solutions to 
business clients nationwide. We 
have immediate full time 
opportunities for Programmers, 
Engineering Programmers, 
Programmer Analyst, Systems 
Analyst, Software Engineers, 
DBA's, Consultants and 
Software Consultants in any of 
the following areas: 
LAN/ANEnterprise NW, MS 
Exchange, Web Server, 
Terminal Servers, Desktop 
Deployment, Software 
Distribution, Visual Studio, Java, 
C++, Oracle, Dev 2000, MTS, 
MSMQ, DCOM, Active X, SQL 
DBA, MCSD, OCP, HTML, SCYP, 
DHTML, XML, ASP, XSL, CSS, 
MCD, COBOL, CICS, DB2, 
IMS, VSAM, TCL, PL/1, DBA, 
S/370, ES 9000, ADABAS, 
Natural, ERP Systems, 
SAP, Peoplesoft. Bachelor's 
/Master’s Degree required, 
depending on position. We 
also accept the 
educational equivalent 
the degree, or the degree 
equivalent in education and 
experience. Excellent benefits 
Send resume/salary req. to: HR, 
Protech Solutions, Inc., 
124 W. Capitol, Suite 550, Little 
Rock, AR, 72201 or 
HR@protechsoft.com 


Computer Programmer, Roswell, 
GA, Info-One, Create code in 
VB, VBA, Access, Crystal Reports, 
Access 97/2000 and Sequel 
Server 7/2000 languages to 
develop, design and maintain the 
VTR Plus software and en- 
hancements for data collection. 
Reqs. BA in Comp. Science, 
Eng. or Info. Tech. & 2 yrs exp. in 
the pos. offered or as Dvlp. or 
Data/Software Researcher. The 
2 yrs reqd exp. must incl. creating, 
testing & preparing code for 
production, as well as converting 
specs into code in order to perform 
enhancements for Visual Basic/ 
Access/Sequal server products. 
The 2 yrs exp. must have incl. 
work w/Sequal Server in a Win- 
dows envir. utilizing SQL, HTML, 
ASP, JAVA Script, VB Script, 
VBA, Crystal Reports, Access, 
Excel, Windows NT. Send resume 
& cvr. letter to Mr. David Hun- 
singer, Info-One, 37 Magnolia 
Street, 2th Floor, Roswell, GA 
30075. No phone calls. 


SYSTEM ANALYST. Analyzes 
user requirements procedures, 
and problems to automate pro- 
cessing or to improve existing 
computer systems. Bachelor of 
Science in Computer Science, 
Engineering or math-related and 
2 years experience required. 2 
years experience with MOVEX 
required. 


Apply by resume to Mike Holliman, 
VP Human Resources, Augusta 
Sportswear, Inc., P.O. Box 14939, 
Augusta, Georgia 30919-0939. 


Stanford Technology Partners Inc. 
is a California based Information 
Technology consulting company 
with its offices across the USA 
We seek a Director of Business 
Development. Responsibilities 
include overall responsibility for the 
management and development 
of the IT consulting business, de- 
veloping new clients and busi- 
ness opportunities for the IT con- 
sulting business. This position is 
located in Framingham, MA. 


If interested, please send resume 
to: Stanford Technology Partners 
Incorporation, 849 Erie Circle, 
Milpitas, CA 95035 Fax: (508) 
519-5689 

e-mail: recruiter@stpincusa.com 


Systems Analyst; 8a-5p 40 hrs 
/wk; Analyze, design, develop, 
program, implement, test & 
maintain software applications 
based on user reqmts using C, 
Oracle 7, Dev. 2000 & Novell 
Netware 3.1; Bachelors or equiv. 
foreign degree in Computer Sc 
or Engg. or Tech; Computer Info 
Sys; Electronics or Electrical 
or other related branch of Engi- 
neering. One year experience in 
job offered or related occupation 
of Programmer Analyst, Applica- 
tion Developer or Software con- 
sultant or professional. Resume 
to: Axiom Systems, Inc. 2550 
Northwinds Pkwy., Suite 440, 
Alpharetta, GA 30004. 


Programmer/Analyst, Min. Bach- 
elor's in Computers/related field, 
2yrs exp. in similar position. Assist 
in feasibility studies and in 
determining functional specifica- 
tions; design develop, configure, 
and code applications, computer 
systems and subsystems. 40 
hrs/wk, 9AM-5PM. Competitive 
salary. Send resume to: Yellow 
Pages-Web Com LLC, 2818 
Everwood Pointe, Marietta, GA 
30008 


Network World July 15, 2002 


Systems Analyst (Trumbull, CT)- 
perform complex computer sys- 
tems analysis, software problem 
diagnosis, resolution, measure- 
ment and tuning to optimize 
online system, upgrade computer 
information systems infrastructure. 


Req. 4 yrs exp in the job, M-F, 
9-5:30, salary depends on expe- 
rience. Pls. send resume to HR 
Manager, The NASDAQ Stock 
Market, 80 Merritt Blvd, Trumbull, 
CT 0611, or fax to (203) 385-4698. 
EOE 


Technical Support Specialist 
8:00 a.m. to 5:00 p.m. 40 hours 
per week. Analyze project; 
assign and coordinate work 
schedules; review, test program 
for compatibility; troubleshoot 
and provide technical support 
/updates using VisualBasic, 
ActiveX, DHTML, ASP, Java, 
Oracle and Windows NT, Windows 
2000. Educational Requirement: 
Bachelors or equivalent degree 
in Computer Science/Engineering, 
Information Technology, Electrical, 
Electronics or related Engineering. 
Resume to: Spark Technologies, 
Inc., 7001 Peachtree Indus. 
Blvd., Suite 446, Norcross, GA 
30092. 


Software Engineer (Norcross, GA) 
Develop applications to conduct 
stock market research in NT & 
UNIX platforms. Work w/ OO 
technology, C++(COM), Visual 
Basic, Java AWT/Swing, Java 
Applet/Servlets, SQL, Microsoft 
IIS, Apache Server. Req. M Sc. 
in C.S. or its foreign degree 
equivalent + 1 yr exp. in job 
offered. Resume to VP, Compu- 
trade Systems, 3500 Pkwy Lane, 
Ste 420, Norcross, GA 30092 


Software Engineer (Atlanta, GA): 
Design & develop web-based 
software applications and B2B 
exchanges. Design, develop & 
maintain Enterprise Software 
Systems & innovative E-Com- 
merce solutions using JSP, Java 
Script, VBScript, ActiveX, ASP, 
Site Server, DHTML, IIS, Vitria 
Businessware, Java/J2EE, XML 
/XSL, COM/DCOM, WebLogic, 
JMS. Req. B.Sc. or its foreign 
degree equivalent in C. Sc., 
Electronics Engg. or other engi- 
neering field + 2yr. exp. in job 
offered. Resume to: Human 
Resources; job code CWDB87, 
Cbeyond Communications, 320 
Interstate North Pkwy, SE, Ste 
300, Atlanta, GA 30339 


Sr. Business Syst. Analyst - SAP. 
Prepare, evaluate, develop, con- 
figure, maintain, & support SAP- 
based IS, inc. project planning, 
requirement anal., gap anal., 
process redesign. Design, con- 
figure & dev. FI/CO, SD, MM 
SAP Modules & integration w/ 
FI/CO. Write tech. specs for 
programs, Function Modules, 
BAPI, interfaces, data conver- 
sions, & reporting. Design & 
develop CATT Procedures, 
Report Painter & ABAP Query. 
B.S. or equiv. in MIS or related, 
w/ business orientation, + 2 yrs. 
experience & fluent SAP R/3 
& relevant Modules. Send resume 
to VP, HR, En Pointe Technologies, 
100 N. Sepulveda Blvd, 19th Fl., 
El Segundo, CA 90245 
Moving 


But magnetic stripes 
are still alive; smart 
cards on the horizon 


PATRICK THIBODEAU 
WASHINGTON 
Companies that want to scan 
driver’s licenses to authenticate 
customer identities face the 
prospect of having to deal with 
three different technologies. 
Various states are already 
taking different directions, and 
Congress could also influence 
the choice of scanning tech- 
nologies. The bottom line: A 
business can’t be assured that 
the driver’s license scanning 
technology it picks will be the 
right choice. 


About states use magnetic 
stripes, bar codes or both tech- 
nologies on the same card. 

But there’s a move in Con- 
gress to increase the security 
of driver’s licenses with bio- 
metric technology. With time 
running out in this session, 
however, lawmakers aren’t ex- 
pected to act this year on a bill 
that would allocate $300 mil- 
lion to states deploying bio- 
driver’s licenses. 

Despite the absence of fed- 
eral action, there are nonethe- 
less clear technology trends 
among states. 

Two-dimensional bar codes 
are gaining ground over mag- 
netic stripes, with states us- 
ing them, according to the 


Continued from page 


War Terror 


Inc. and Xerox Corp., to name 
just a few. All of these compa- 
nies, and dozens more, are ac- 
tively pursuing the homeland 
security market. 

“Government has not had a 
shortage of security-related 
data and information,” said Jeff 
Bedell, chief technology offi- 
cer at MicroStrategy, a busi- 
ness intelligence software ven- 
dor in McLean, Va. “Its funda- 
mental problem has been 

Corrections 


IN A JULY 8 STORY about IT in 
the construction industry, the 
location of Framework Tech- 
nologies Corp. was incorrect. 
The software company is locat- 
ed in Burlington, Mass. 

Also in that issue, our page 
story on the launch of the 
nium misidentified an analyst at 
The Sageza Group Inc. His 
name is Charles King. 


making sense of the data, 
drawing links between all the 
disparate sources of the data. 
Those weaknesses can be di- 
rectly addressed 
strengths intelli- 
gence software.” 


Major Players 

Last month, IBM Global Ser- 
vices unveiled five technology 
suites designed specifically “to 
address broader and emerging 
safety and security issues in in- 
dustry, global commerce and 
society,” said Rusine Mitchell- 
Sinclair, general manager of 
IBM Global Services’ safety 
and security practice. 

At its Institute for Electronic 
Government in Washington, 
IBM showcased mobile com- 
munications 
nologies for emergency re- 
sponders, biometric authenti- 
cation 
physical and cybermonitoring 
systems, and wearable PCs for 
emergency first responders. 

Stamford, Conn.-based Xe- 
rox is working with the FBI to 
conduct 
ments” to identify where the 
agency’s corporate knowledge 


2-D Bar-Code Licenses 


American Association of Mo- 
tor Vehicle Administrators in 
Arlington, Va. Twenty states 
use magnetic stripes, but some 
use both technologies. 
Advocates of 2-D technolo- 
gy, such as Dennis Nussbaum, a 
top official in Wisconsin’s Di- 
vision of Motor Vehicles, say 
the bar codes are more durable 
than magnetic stripes, hold 
more data and can easily be 
used on other documents. 
Pennsylvania last year added 
2-D bar codes to its driver’s li- 
censes but is continuing to use 
magnetic stripes to give tech- 
nology options to law enforce- 
ment agencies and retailers, 
said Joan Nissley, a spokes- 
woman for the Pennsylvania 


Symbol Technologies Inc. in 
Holtsville, developed the 
2-D technology standard. One 
of the attractions of 2-D bar 
codes is their storage capabili- 
ty; each can hold 1,108 bytes of 
data. Magnetic stripes have a 
maximum capacity of 210 
bytes. With the likelihood that 
states will move to biometric 
identifiers, possibly as a re- 
sult of federal law, 
2-D bar codes might be more 
appealing because of their 
storage capacity. 

But the magnetic stripe may 
not be out of the running. 

MagTek Inc. in Carson, 
Calif., has developed a higher- 
density standard for magnetic 
stripes that would increase ca- 
pacity to 1,836 bytes. The stan- 
dard has already been submit- 
ted to various approval bodies. 

Kiran Gandhi, vice president 


Department of Transportation. 

of marketing at MagTek, said 


More Homeland Secu 


the appeal of magnetic stripes 
is that most businesses have 
readers for them. 

Magnetic stripes put data on 
three tracks; the data business- 
es scan is on Tracks 1 and 2. 
The high-density standard 
uses six tracks, and new read- 
ers would be needed to access 
that data, but the first two 
tracks would 
compatible, said Gandhi. 

A smart card, which con- 
tains a microprocessor, can 
hold 64,000 bytes of data 
and can offer high security, as 
well as storage for many other 
applications, such as health 
and motor vehicle insurance. 
But states say the technology 
would cost millions to deploy 
and would take a push in Con- 
gress for funding, said Randy 
Vanderhoof, CEO of the Smart 
Card Alliance Inc. in Princeton 
Junction, N.J. 


Art Technology Group Inc. 

Cambridge, devel- 
oper of online customer relation- 
ship management (CRM) tools. 


Started a pilot program with the 
Agriculture Department that uses 
Commerce Suite to send 
food-related emergency alerts to 
school districts. 


exists and the best way to com- 
municate and share that data 
securely, said Jim Joyce, presi- 
dent of Xerox Connect. 

Xerox has developed several 
technologies applicable to the 
broader homeland security ef- 
fort, said Joyce, including data 
glyphs that can be embedded 
in paper documents as track- 
ing devices and ContentGuard 
software that lets companies 
track who accesses what infor- 
mation on their Web pages. 
Meanwhile, Symbol is pro- 
viding a bar code reader that 
the U.S. Department of State 
uses to conduct physical secu- 
rity checks abroad, said Tom 
Roslak, vice president of secu- 
rity at Holtsville, 


Ascential Software Corp. 


Westboro, Mass.-based data integra- 
tion and data cleansing firm. 

Considers the process of integrating 
and cleaning data for use in CRM, ERP, 
business intelligence and e-business ap- 
plications a metaphor for what fed- 
eral agencies could be doing for 
homeland security and defense. 


Symbol. The bar codes are 
strategically placed around fa- 
cilities. Security guards then 
scan them with a handheld de- 
vice that verifies that the 
checks were conducted at the 
proper time and place. 
Companies such as Fairfax, 
Va.-based American Manage- 
ment Systems, known best for 
its systems integration work in 
the financial services sector, 
and database provider Oracle 
have gone one step further 
than most by institutionalizing 
homeland security into their 
corporate structure. For exam- 
ple, AMS established a Home- 
land Security Lab, where re- 
search is being conducted on 
link analysis, identity verifica- 


Datastrip Inc. 

Exton, Pa.-based provider of se- 
cure high-density 2-D bar-code 
software and hardware. 

Focusing on applying its tech- 
nology to the federal effort to 
create a tamper-resistant entry 
and exit border-protection 


tion, hazardous materials man- 
agement and other areas. 

Likewise, Oracle has added 
homeland security solutions to 
the title of Steve Perkins, se- 
nior vice president of Oracle 
Public Sector. Perkins said the 
full line of Oracle applications 
will be positioned to help the 
“Department of Homeland Se- 
curity consolidate its opera- 
tions, much like a corporate 
merger, to work more effi- 
ciently.” 


SECURITY MARKET Q&A 


Five top executives from IT vendor 
companies offer their perspectives of the 
homeland security market. 
FRANK HAYES/FRANKLY SPEAKING 


Let Users Swat Bugs 


OOPS. Two weeks ago in this space, I wrote about the 
importance of reducing errors in software and report- 
ed that U.S. software users could save $22.2 billion in 
lost productivity if software developers made “feasible 
improvements” in software testing to get rid of more 
bugs, according to the U.S. government’s National Institute of Stan- 
dards and Technology. 


Then, a little later in the column, I referred to exactly the same 
amount as $22.2 million. 


Hey, I didn’t say getting rid of errors is easy. 


For the record, the correct number is $22.2 
billion. And most readers were apparently able 
to develop their own work-around for this in- 
formational bug so they could continue reading 
the column. 

But the fact remains that a spectacularly obvi- 
ous, thoroughly preventable error got through 
several layers (in the newspaper busi- 
ness, it’s called “editing”) and was spotted only 
by users er, readers who helpfully report- 
ed the problem so it could be corrected. 

Conclusions? Blowhard columnists are just as 
error-prone as programmers. And can help, 
but can’t count catch all errors 
even the obvious ones. And most important, 
when it comes to finding and correcting bugs, 
users are our friends. 

At least they should be. And not just after 
code (or a column) is out the door. 

We should put users in the loop from the very 
beginning and keep them there, all the way 
through. 

After all, users know their jobs. They know 
how applications will be used. They know what 
they need in order to do business. Requirements 
and specifications and wish lists are just a thin, 
pale abstraction of what software is 
supposed to do. Users can give you 
the real thing in real time. 

We all know that the best time to 
find bugs, errors in design and just 
plain boneheaded ideas is as early 
as possible, when they’re easiest 
to fix. Which means the earlier we 
connect users with code, the more 
they can help us. The more mock- 
ups, prototypes and early versions 
we run past users, the more likely 
it is they will point out the things 
that don’t work before they’re hard 
to change. 


FRANK HAYES, Computer- 
world's senior news colum- 
nist, has covered IT for more 
than 20 years. Contact him at 
frank_hayes@computerworld.com. 


Users can tell us which features really matter 
and which ones are window dressing. They can 
identify which requirements are changing and 
which ones are likely to, and in what direction. 
They can clarify how business processes actual- 
ly work, what screens and data actually 
use and where the biggest annoyances show up. 

And if we keep showing them what our appli- 
cation looks like and keep picking their brains 
for what’s right and what’s wrong with it, we 
get a continuous stream of the best available in- 
formation on how our software matches up 
with their needs. 

Does that sound like a lot of extra work? Sure 
does. But it’s not as much work for us as hav- 
ing to change code later in the process. And it’s 
not as much work for users as using some con- 
voluted work-around to deal with bugs or de- 
sign flaws that could have been fixed early on. 

Of course, users aren’t a replacement for 
careful programming or code reviews or use of 
modern software development techniques. 
Users won’t spot poorly structured code or mis- 
used libraries, and they probably won’t find 
buffers that can overflow or memory leaks that 
crash the application after many hours of use. 

But they’ve got a vested interest in 
getting software that works. And 
when they’ve had a chance to help 
guide that software’s development, 
they’re more likely to give useful 
feedback and bug reports if the fin- 
ished product has problems and 
less likely to just swear at those 
dweebs in the shop. 

So figure out how to bring your 
users and code together, early and 
often. Because getting rid of soft- 
ware errors isn’t easy. And to get our 
share of that $22.2 mill er, billion, 
we need all the help we can get. 
USER COMPLAINS that her 
monitor slowly dying. “It 
gets dimmer and dimmer the 
day wears and then, 
night rest, bit brighter,” 
she tells support pilot fish. Fish’s 
diagnosis: “As the sun comes 
over your shoulder during the 
day, it's washing out your screen. 
the morning, it's dark enough 
readable.” His prescription: 
“Try turning your desk around.” 


THIS PANICKED user's digital 
camera has problem, she 
pilot fish. The floppy 
disk drive keeps spinning and 
makes awful noise even with- 
out disk inserted, and the off 
switch working. don’t 
want send over you with 
continuously running, because 
that might cause more damage,” 
she says. Fish says, suggested 
she remove the battery and send 
over. Sometimes the simple 
solutions escape us.” 


PILOT fish installing spe- 
cialized software package and 
carefully follows the in- 
structions. But at one point, he 
enters the command shown 
the and gets back the 
response “Denied.” pores 
over the manual find what he’s 
done wrong, but keeps get- 
ting “Denied.” Fish calls the ven- 
local support rep, but after 
two days get past “De- 
nied” either, turns fish over 
tech support guru Germany. 


Fish walks through what 
done. “Then,” says, “the re- 
sponse got was 
“Yes,” says guru. “That's the nor- 
mal response.” After long 
pause, adds, “Maybe 
should put that the manual.” 


TAKES while, but pilot fish 
finally fixes all the problems that 
crop his laptop after net- 
work upgrade. Then reboots 
and that takes very long 
while, calls help desk 
wizard. Wizard watches 
log-on script execute the rate 
one line per minute, then de- 
livers his suggestion: ever 
turn your computer off and 
everything should fine.” 


THIS AIRLINE ticket office 
Pittsburgh really needs color 
printer for printing out graphs 
and reports color, says pilot 
fish working there. But cheap- 
skate boss comes with um, 
“better” solution: Since the office 
Charlotte already has color 
printer, says, just send them 
the file electronically, they can 
print out color then they 
can fax back Pittsburgh. 


Color insatiable: sharky@ 
computerworld.com. You get 
stylish Shark shirt use 
your true tale life. And 
check out the daily feed, browse 
the Sharkives and sign for 
Shark Tank home delivery 
computerworld.com/sharky. 
Backup the previous 
Why 
ever Want back 
the previous version? 
software 


Winning the future: eBay has cracked the code the Holy Grail e-business. Satisfied customers 
who come back for more. But how can the Online Marketplace™ grow from billion gross 
merchandise sales $30 billion 2005? great plan, million loyal users and massively scalable 
Web site using WebSphere industry leading e-business infrastructure software. Part our 
winning software team, with Lotus® and get more, visit ibm.com/websphere/ebay 